The Parrot Project released Parrot OS 7.2 today, May 9, 2026, bringing a focused update to the Debian-based security distribution built for penetration testers, ethical hackers, and privacy-conscious users.
The release centers on a kernel upgrade to Linux 6.19.13, a comprehensive sync with upstream Debian packages, and a broad refresh of the security toolchain. Downloads are available now at parrotsec.org. The kernel upgrade is the most urgent reason to update.
Linux 6.19.13 ships with a fix for CVE-2026-31431, the local privilege escalation vulnerability publicly known as Copy Fail. This flaw, disclosed on April 29, 2026, lives in the algif_aead kernel module and allows an unprivileged local user to write controlled bytes into the page cache of any readable file on the system.
The same exploit works reliably across multiple distributions and can be delivered in a 732-byte Python script with no specialized tooling required. For a security-focused distribution whose users routinely work on systems shared with untrusted processes or containerized workloads, shipping the patched kernel promptly is the right call.
Parrot OS 7.2 is an especially important update for that audience specifically. Security researchers and penetration testers frequently work in environments where privilege escalation is both the subject of their work and a genuine risk to their own systems.
Running unpatched against Copy Fail while actively testing for privilege escalation vulnerabilities on client infrastructure is an uncomfortable position to be in. This release closes that gap.
On the toolchain side, Parrot OS 7.2 delivers updated versions across the entire security stack. NetExec moves to 1.5.1, OWASP ZAP to 2.16.1, BloodHound to 9.0, BeEF to 0.6, Certipy AD to 5.0.4, Evilginx to 3.3, Evil-WinRM-py to 1.6, sqlmap to 1.10.3, MCPwn to 1.2, Metasploit to 6.4.127, enum4linux-ng to 1.3.5, GDB GEF to the 2026.01 build, Legion to 0.7, httpx-toolkit to 1.7.4, and pypsrp to 0.8.1.
The breadth of this list reflects how much of Parrot’s value sits in its curated, current security tool collection rather than just its kernel or desktop. The desktop side also sees meaningful updates.
Parrot OS 7.2 ships KDE Plasma 6.3.6 as the default desktop environment, built on KDE Frameworks 6.13, KDE Gear 25.04.3, and Qt 6.8.2. Parrot has been a KDE-first distribution since the 5.0 transition and this release continues that direction with a fully maintained current Plasma build rather than a trailing version.
Several Parrot-specific components have received attention. The Parrot menu is actively migrating to a new Go-based codebase, with more desktop entries added in this release as the transition progresses.
Parrot themes and tools have been refreshed. The parrot-core package now includes a built-in Flatpak package check that automatically manages Flatpak updates in the background, removing a step that users previously had to handle manually.
Parrot OS 7.2 is fully synchronized with the latest Debian upstream package set, covering security fixes and stability patches across the base system. This sync ensures that the Parrot package selection stays aligned with Debian’s current state rather than drifting against it between major releases.
One new addition in this release serves a specific community. Parrot OS 7.2 adds image generation support for the Hack The Box Edition in both ISO and virtual machine formats. The Hack The Box platform is one of the most widely used environments for security skill development and CTF practice, and having a purpose-built Parrot image for it reduces setup friction for users working in that ecosystem.
Parrot OS ships in two desktop editions. The Security Edition includes the full preinstalled suite of penetration testing and cybersecurity tools for professionals and researchers. The Home Edition targets everyday use, privacy, and development work, providing a clean base without the complete security toolset by default. Additional tools can be installed manually from the repositories in either edition.
The official release notes for Parrot OS 7.2 are available at parrotsec.
