An information disclosure security vulnerability in the Linux kernel was publicly disclosed on May 15th, 2026. The vulnerability was reported by Qualys and fixed in the mainline Linux kernel tree. A proof-of-concept exploit was published soon after public disclosure. The ID CVE-2026-46333 was assigned, but the vulnerability is also referr […]

The Ubuntu Blog provides updates, tutorials, and insights on the Ubuntu operating system and related projects. Covering topics such as Linux desktops, server administration, and cloud computing, the blog offers resources for developers and sysadmins working with Ubuntu. Developers can learn how to set up, configure, and optimize Ubuntu systems for development, deployment, and production environments by following the Ubuntu Blog.

Ubuntu

A Linux kernel information disclosure vulnerability (CVE-2026-46333, aka 'ssh-keysign-pwn') was publicly disclosed on May 15, 2026, with a proof-of-concept exploit available. The race condition allows unprivileged local users to read sensitive files — including /etc/shadow and OpenSSH server host private keys — opened by suid/sgid executables via the ptrace() syscall. All Ubuntu LTS releases from 14.04 through 26.04 are affected. Until kernel patches are available, the recommended mitigation is setting kernel.yama.ptrace_scope to 2 (or 3 for stricter lockdown), which restricts ptrace usage but disables unprivileged debugging tools like gdb and gcore. Specific sysctl commands and drop-in config file instructions are provided.

CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations