Critical Linux Kernel Vulnerability Exposes SSH Keys and Passwords
Severity: High (Score: 72.0)
Sources: www.cve.org, Cybersecuritynews, Zdnet, Gbhackers, nvd.nist.gov
Summary
A newly discovered Linux kernel vulnerability, tracked as CVE-2026-46333 and nicknamed 'ssh-keysign-pwn', allows unprivileged users to access sensitive files such as SSH host keys and the shadow password file. This flaw has existed for approximately six years and was disclosed by Qualys. The vulnerability arises from a logic error in the ptrace_may_access() function, which fails to enforce proper access controls during process termination. Public exploits for this vulnerability were released shortly after its disclosure, leading to urgent patching efforts across multiple Linux distributions. Affected systems include AlmaLinux 8, 9, and 10, with patches already available in testing repositories. Security experts recommend tightening ptrace_scope settings as a mitigation strategy. The flaw poses a significant risk for lateral movement and long-term persistence in compromised environments.
Key Points
- CVE-2026-46333 allows access to SSH keys and shadow passwords on Linux systems.
- The vulnerability has existed undetected for six years and was disclosed on May 15, 2026.
- Patches are available for AlmaLinux, with urgent recommendations for tightening ptrace_scope.
Key Entities
- Data Breach (attack_type)
- Zero-day Exploit (attack_type)
- Qualys (company)
- CVE-2026-46333 (cve)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-269 - Improper Privilege Management (cwe)
- bugs.almalinux.org (domain)
- kernel.org (domain)
- T1003 - OS Credential Dumping (mitre_attack)
- T1021 - Remote Services (mitre_attack)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- T1078 - Valid Accounts (mitre_attack)
- AlmaLinux (platform)
- Linux (platform)
- OpenSSH (platform)
- gdb (tool)
- ssh-keysign (tool)
- strace (tool)
- ssh-keysign-pwn (vulnerability)