Liferay incident

Security Update: Critical Kubernetes Maintenance (CVE-2026-31431 in the Linux kernel)

Notice Resolved View vendor source →

Liferay experienced a notice incident on May 15, 2026 affecting Tokyo, Japan and Infrastructure Services and 1 more component, lasting —. The incident has been resolved; the full update timeline is below.

Started
May 15, 2026, 04:04 PM UTC
Resolved
May 15, 2026, 04:04 PM UTC
Duration
Detected by Pingoru
May 15, 2026, 04:04 PM UTC

Affected components

Tokyo, JapanInfrastructure ServicesMumbai, IndiaSydney, AustraliaHamina, FinlandLondon, EnglandFrankfurt, GermanyMontréal, QuébecSão Paulo, BrazilIowa, USAVirginia, USAOregon, USAJurong West, SingaporeDammam, Saudi ArabiaDoha, QatarZurich, Switzerland

Update timeline

  1. resolved May 15, 2026, 04:04 PM UTC

    Yesterday, the Liferay Cloud Infrastructure team performed emergency maintenance across our Kubernetes clusters. This action was taken to patch a critical vulnerability identified as CVE-2026-31431 in the Linux kernel. Reason for Emergency Action: Due to the high criticality of this vulnerability, we opted for an immediate rollout and minimal initial disclosure to mitigate the risk of exploitation. Providing detailed information before the patch could have alerted malicious actors, potentially leading to attacks. Technical Details & Risk: The vulnerability (CVE-2026-31431) allowed an attacker with shell access to perform a container escape, gaining root access to the host GKE node. Actions Taken: - All GKE clusters were updated to the latest secure version. - The maintenance was executed during off-peak hours for each region to minimize impact. - Our infrastructure team remains on high alert throughout Thursday and Friday for continuous monitoring. Security Commitment: Protecting our customers' data and infrastructure is our top priority. We thank you for your understanding regarding the lack of prior notice in this exceptional circumstance.