// #ssh
4 articles
Linux Kernel CVE-2026-46333: Nine-Year-Old ptrace Race Condition Leaks SSH Private Keys and Grants Root
Qualys Threat Research Unit has disclosed CVE-2026-46333, a race condition in the Linux kernel ptrace subsystem affecting all major distributions since kernel 4.8 (2016). Four working privilege escalation exploits exist using SUID binaries; successful exploitation also discloses /etc/shadow and SSH host private keys. Patch immediately.
Golang crypto/ssh Mass Advisory: Nine CVEs Including CVSS 10.0 Re-Opened SSH Auth Bypass Affect Enterprise DevOps Infrastructure
The Go security team published a coordinated batch of nine CVE fixes for the golang.org/x/crypto SSH library on 22 May, including CVE-2026-46595 (CVSS 10.0), which re-opens a previously patched SSH authentication bypass for services using non-public-key authentication callbacks. Enterprise environments using Go-based SSH tooling, CI/CD pipelines, Kubernetes components, and cloud management tooling are affected.
PamDOORa: Linux Post-Exploitation PAM Module Backdoor Sold on Dark Web for $1,600
Flare.io researchers have identified PamDOORa, a commercially sold Linux backdoor sold for $1,600 on a Russian-language underground forum. PamDOORa installs as a malicious PAM (Pluggable Authentication Module) on compromised Linux systems, creating a persistent hidden SSH access mechanism that activates via a magic password and a TCP port — while also harvesting the credentials of all legitimate users who authenticate to the system.
OpenSSH 10.3 Patches CVE-2026-35385 — SCP Privilege Escalation via Setuid Bit Preservation
OpenSSH 10.3 fixes CVE-2026-35385 (CVSS 7.5), a privilege escalation flaw in the legacy SCP protocol where files downloaded as root without the -p flag may retain their setuid or setgid bits. Any Linux or macOS system with OpenSSH prior to 10.3 and a workflow involving scp downloads as root is affected.