Nine-year-old Linux kernel flaw disclosed with root-execution risk.
Researchers disclosed CVE-2026-46333, a Linux kernel vulnerability introduced in 2016 and now branded “ssh-keysign-pwn.” The flaw can allow an unprivileged local user to disclose sensitive files and execute commands as root on default installations of major distributions including Debian, Fedora, and Ubuntu. A proof-of-concept exploit was released shortly before the disclosure, increasing urgency for patching. The recommended action is to install the latest kernel updates; temporary mitigations include raising kernel.yama.ptrace_scope to 2, and operators of systems with untrusted local users should consider credential and SSH host-key exposure.
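The temporary mitigation named above can be audited with a short script that checks both the running value and whether it survives a reboot. This is an added example, not code from the article or the researchers; the function names, the treatment of 3 as also acceptable, and the simplified order in which sysctl files are read are assumptions (systemd-sysctl itself sorts files by name across directories).

```shell
#!/bin/sh
# Added example: audit the kernel.yama.ptrace_scope mitigation.
# File paths are parameters so the checks can run on constructed files.

# Runtime value, or "absent" when the kernel does not expose Yama.
runtime_scope() {
    f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# Last kernel.yama.ptrace_scope assignment in the given sysctl files,
# read in the order given (assumed ordering), or "unset" if none is found.
persisted_scope() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel[./]yama[./]ptrace_scope[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Exit codes: 0 ok, 1 runtime too low, 2 Yama absent, 3 not persisted.
assess() {
    run=$1; cfg=$2
    case "$run" in
        absent) echo "FAIL: Yama unavailable, mitigation cannot be applied"; return 2 ;;
        2|3) ;;
        *) echo "FAIL: runtime ptrace_scope=$run, expected 2 or higher"; return 1 ;;
    esac
    case "$cfg" in
        2|3) echo "OK: runtime=$run persisted=$cfg" ;;
        *) echo "WARN: runtime=$run but persisted=$cfg, value is lost on reboot"; return 3 ;;
    esac
}

# Check this machine using the usual sysctl configuration locations.
audit_host() {
    assess "$(runtime_scope)" \
        "$(persisted_scope /usr/lib/sysctl.d/*.conf /etc/sysctl.d/*.conf /etc/sysctl.conf)"
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on each host; a WARN result means the value was set at runtime only and still needs a sysctl.d entry.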
21.05.2026
Source: thehackernews.com