A newly discovered flaw in the Linux kernel, specifically in the process trace path (ptrace), allows unprivileged local users to access sensitive information such as SSH private keys and password hashes. This vulnerability, identified as CVE-2026-46333, has existed since November 2016 and affects Debian, Fedora, and Ubuntu. The flaw arises from a narrow exposure in the ptrace operations that can be exploited, particularly through functionalities added in the kernel in 2020.
Patches are available, and experts recommend immediate updates as the risk is significant in environments with unprivileged access. A CVSS score of 5.5 has been assigned, though the practical exploitation potential is considered severe.