CISA added CVE-2026-31431, a Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability, to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. Federal agencies must remediate this vulnerability per Binding Operational Directive 22-01, and CISA urges all organizations to prioritize remediation as part of vulnerability management practices.