Critical Linux Kernel Vulnerability Exposes SSH Keys and Passwords

Critical Linux Kernel Vulnerability Exposes SSH Keys and Passwords

First seen 16 May 2026, 07:52 UTC Heise.DeAlmalinuxnvd.nist.govCybersecuritynewsGbhackers+18 87% similarity 72.0

Article Content

Browse articles
ThreatCluster

A newly discovered Linux kernel vulnerability, tracked as CVE-2026-46333 and nicknamed 'ssh-keysign-pwn', allows unprivileged users to access sensitive files such as SSH host keys and the shadow password file. This flaw has existed for approximately six years and was disclosed by Qualys. The vulnerability arises from a logic error in the ptrace_may_access() function, which fails to enforce proper access controls during process termination. Public exploits for this vulnerability were released shortly after its disclosure, leading to urgent patching efforts across multiple Linux distributions. Affected systems include AlmaLinux 8, 9, and 10, with patches already available in testing repositories. Security experts recommend tightening ptrace_scope settings as a mitigation strategy. The flaw poses a significant risk for lateral movement and long-term persistence in compromised environments.

Key Points: • CVE-2026-46333 allows access to SSH keys and shadow passwords on Linux systems. • The vulnerability has existed undetected for six years and was disclosed on May 15, 2026. • Patches are available for AlmaLinux, with urgent recommendations for tightening ptrace_scope.

ThreatCluster AI

Timeline

2026-05-15
CVE-2026-46333 published
Qualys disclosed a vulnerability allowing access to sensitive SSH keys and password hashes.
Almalinux
2026-05-16
Public exploits released
Two working exploits for the ssh-keysign-pwn vulnerability were made public, demonstrating its practical exploitation.
Zdnet
2026-05-16
Patches rolled out
Linux maintainer Greg Kroah-Hartman rolled out updates across multiple supported branches to address the vulnerability.
Zdnet

Community

Browse all →