In a nutshell: A nine-year-old Linux kernel security vulnerability (CVE-2026-46333) allows unprivileged local users to execute root commands and disclose sensitive files on Debian, Fedora, and Ubuntu. Qualys recommends immediate kernel updates and SSH key rotation.
Cybersecurity researchers have disclosed details of a Linux kernel vulnerability that remained undetected for nine years. The flaw, tracked as CVE-2026-46333, could enable unprivileged local users to disclose sensitive files and execute arbitrary commands with root privileges on standard installations of major distributions such as Debian, Fedora, and Ubuntu.
The security company Qualys discovered the vulnerability and assigned it the code name ssh-keysign-pwn. The issue lies in the kernel function __ptrace_may_access() and was introduced in November 2016. With a CVSS score of 5.5, the vulnerability could allow attackers to disclose the /etc/shadow file and private SSH keys under /etc/ssh/*_key as well as execute arbitrary commands as root. This is possible through four different exploits targeting chage, ssh-keysign, pkexec, and accounts-daemon.
Saeed Abbasi, Senior Manager of the Threat Research Unit at Qualys, explained: “The exploitation is reliable and converts any local shell into a path to root or to sensitive login credentials.”
The disclosure came shortly after a proof-of-concept exploit and a public kernel commit were published. Qualys urgently recommends deploying the latest kernel updates from Linux distributions. If updates are not immediately possible, temporary measures include raising the “kernel.yama.ptrace_scope” sysctl parameter to 2.
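A defensive check for the temporary measure above, as an added example that is not from Qualys or the original article: it verifies that the running kernel has ptrace_scope at 2 or stricter and that the setting survives a reboot. The function names, exit codes, and the simplified "last file wins" config ordering are assumptions.

```shell
#!/bin/sh
# Added example: audit the kernel.yama.ptrace_scope mitigation.
# File paths are parameters (assumption) so the check runs on constructed files.
REQUIRED=2   # level the article gives as the temporary measure

# Print the running value, or "absent" if the Yama sysctl is not exposed.
runtime_scope() {
    proc_file=${1:-/proc/sys/kernel/yama/ptrace_scope}
    if [ -r "$proc_file" ]; then tr -d ' \t\r\n' < "$proc_file"; else echo absent; fi
}

# Print the last value assigned in the given sysctl config files, or "unset".
# Simplified model: files are read in argument order and the last one wins.
persisted_scope() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi
    done | awk -F= '
        /^[ \t]*[#;]/ { next }                      # comment lines
        { key = $1; gsub(/[ \t]/, "", key)
          sub(/^-/, "", key); gsub("/", ".", key) } # "-key" and slash forms
        key == "kernel.yama.ptrace_scope" { val = $2; gsub(/[ \t]/, "", val); found = val }
        END { print (found == "" ? "unset" : found) }'
}

# Exit 0: running and persisted values both >= REQUIRED.
# Exit 1: running kernel is not protected. Exit 2: protection is lost on reboot.
audit_ptrace_scope() {
    run=$(runtime_scope "${1:-}")
    if [ $# -gt 0 ]; then shift; fi
    cfg=$(persisted_scope "$@")
    case $run in
        absent) echo "FAIL yama-unavailable"; return 1 ;;
        ''|*[!0-9]*) echo "FAIL unreadable-runtime"; return 1 ;;
    esac
    if [ "$run" -lt "$REQUIRED" ]; then echo "FAIL runtime=$run"; return 1; fi
    case $cfg in
        unset|*[!0-9]*) echo "WARN runtime=$run not-persisted"; return 2 ;;
    esac
    if [ "$cfg" -lt "$REQUIRED" ]; then
        echo "WARN runtime=$run persisted=$cfg"; return 2
    fi
    echo "OK runtime=$run persisted=$cfg"
}

# Live check: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_ptrace_scope /proc/sys/kernel/yama/ptrace_scope \
        /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf
fi
```

A WARN result means the value was set at runtime only, so the host reverts to the distribution default at the next boot unless the setting is also written to a sysctl configuration file.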
The security company warns: “On systems where untrusted local users had access during the exposure window, SSH host keys and locally cached login credentials should be treated as potentially disclosed. Update host keys and review all administrative data that was present in the memory of set-UID processes.”
In parallel, a proof-of-concept was released for PinTheft, another local privilege escalation vulnerability, affecting Arch Linux, that also leads to root privileges.