{"id":60664,"date":"2026-05-15T20:41:14","date_gmt":"2026-05-15T20:41:14","guid":{"rendered":"http:\/\/d639d0f1-662d-44ba-adac-28ffe6691f8a"},"modified":"2026-05-15T20:41:14","modified_gmt":"2026-05-15T20:41:14","slug":"the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/","title":{"rendered":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys"},"content":{"rendered":"<figure class=\"c-shortcodeImage u-clearfix c-shortcodeImage-large\">\n<div class=\"c-shortcodeImage_imageContainer\">\n<div class=\"c-shortcodeImage_image\"><picture class=\"c-cmsImage c-cmsImage_loaded\"><source media=\"(max-width: 767px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/292ffdfed54dfa8b8a37130a62648421732225e2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=768\" alt=\"caution symbol\"><source media=\"(max-width: 1023px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/31e8df32daa8a5004fe4fc17548a4de18be2b8e6\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1024\" alt=\"caution symbol\"><source media=\"(max-width: 1440px)\" srcset=\"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\" alt=\"caution symbol\"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\" alt=\"caution symbol\" width=\"1280\" height=\"682.6666666666666\" fetchpriority=\"low\"><\/picture><\/div>\n<p> <!----><\/div><figcaption> <span class=\"c-shortcodeImage_credit g-outer-spacing-top-xsmall u-block\">ismagilov\/iStock\/Getty Images Plus<\/span><\/figcaption><\/figure>\n<p><em>Follow ZDNET: <\/em><span class=\"c-commerceLink\"><a href=\"https:\/\/cc.zdnet.com\/v1\/otc\/00hQi47eqnEWQ6T9d4QLBUc?element=BODY&amp;element_label=Add+us+as+a+preferred+source&amp;module=LINK&amp;object_type=text-link&amp;object_uuid=b5ce6388-3844-4c5f-8890-dab874b2e858&amp;position=1&amp;template=article&amp;track_code=__COM_CLICK_ID__&amp;url=https%3A%2F%2Fcc.zdnet.com%2Fv1%2Fotc%2F00hQi47eqnEWQ6T9d4QLBUc%3Felement%3DBODY%26element_label%3DAdd%2Bus%2Bas%2Ba%2Bpreferred%2BGoogle%2Bsource%26module%3DLINK%26object_type%3Dtext-link%26object_uuid%3D5e5d2e64-4b30-43e6-8555-26eac7e449f3%26position%3D1%26template%3Darticle%26track_code%3D__COM_CLICK_ID__%26url%3Dhttps%253A%252F%252Fwww.google.com%252Fpreferences%252Fsource%253Fq%253Dzdnet.com%26view_instance_uuid%3D379e95d2-6b56-476b-a90b-043a8dd63bd3&amp;view_instance_uuid=21f4bdb7-84a9-4845-8ee6-727cbdd2a946&amp;object_version=5a0d6908-209c-4b8e-9d46-ad89d7c8c06c\" rel=\"noopener nofollow sponsored\" target=\"_blank\"><span>Add us as a preferred source<\/span><!----><\/a><\/span><em> on Google.<\/em><\/p>\n<hr>\n<h3>ZDNET&#8217;s key takeaways<\/h3>\n<ul>\n<li>Another day, another Linux bug.&nbsp;<\/li>\n<li>There is a patch out now. &nbsp;<\/li>\n<li>However, it&#8217;s not available yet in most distros.&nbsp;<\/li>\n<\/ul>\n<hr>\n<p>Linux&#8217;s latest kernel flaw doesn&#8217;t have a fancy name; it&#8217;s just called &#8220;<a href=\"https:\/\/almalinux.org\/blog\/2026-05-15-ssh-keysign-pwn-cve-2026-46333\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">ssh\u2011keysign\u2011pwn<\/a>.&#8221; It&#8217;s the fourth high\u2011profile local security hole to hit Linux in just a few weeks. This one enables ordinary users to quietly read some of the most sensitive files on a system, including Secure Shell (SSH) host private keys and the shadow password file.<\/p>\n<p>The vulnerability gets its &#8220;ssh\u2011keysign\u2011pwn&#8221; nickname from one of the main exploitation paths: abusing OpenSSH&#8217;s ssh-keysign helper binary. Keysign -keysign is used for host\u2011based authentication and typically runs setuid root, opening the system&#8217;s SSH host keys before dropping privileges to complete its work.<\/p>\n<p><strong>Also: <a href=\"https:\/\/www.zdnet.com\/article\/third-major-linux-kernel-flaw-in-two-weeks-found-by-ai\/\">The third major Linux kernel flaw in two weeks has been found &#8211; thanks to AI<\/a><\/strong><\/p>\n<p>Just what we needed. Another annoying and potentially dangerous Linux bug.<\/p>\n<h2>The flaw explained<\/h2>\n<p>Security researchers at security company <a href=\"https:\/\/www.qualys.com\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">Qualys<\/a> disclosed <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-46333\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">CVE\u20112026\u201146333<\/a>, an information\u2011disclosure vulnerability in the Linux kernel&#8217;s ptrace access check. Qualys claims it has existed in one form or another for about six years.&nbsp;<\/p>\n<p>The flaw sits in the __ptrace_may_access() logic that runs as processes exit. Under certain conditions, the kernel skips normal &#8220;dumpable&#8221; checks once a process has dropped its memory mapping. This opens a brief window for another process to steal its file descriptors.<\/p>\n<p>While ssh\u2011keysign\u2011pwn doesn&#8217;t hand over a full root shell by itself, the ability to exfiltrate host keys and password hashes is a powerful building block for lateral movement and long\u2011term persistence. In addition, with stolen SSH host keys, attackers can impersonate machines in host\u2011based trust relationships. With access to the shadow password directory, they can attempt offline password cracking and reuse those credentials across systems.<\/p>\n<p><strong>Also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/linux-security-wake-up-call-copy-fail-dirty-frag-why-inevitable\/\"><strong>Linux is getting a security wake-up call &#8211; why it was inevitable, and I&#8217;m not worried<\/strong><\/a><\/p>\n<p>Just what we always needed. A persistent hack that can keep stealing keys and passwords.&nbsp;<\/p>\n<p>In <a href=\"https:\/\/git.kernel.org\/pub\/scm\/linux\/kernel\/git\/torvalds\/linux.git\/commit\/?id=31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">his patch<\/a>, Linus Torvalds explained the problem exists because &#8220;We have one odd special case: ptrace_may_access() uses &#8216;dumpable&#8217; to check various other things entirely independently of the MM (typically explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for threads that no longer have a VM (and maybe never did, like most kernel threads). It&#8217;s not what this flag was designed for, but it is what it is.&#8221;<\/p>\n<p>What that means for you and me is that by combining this logic error with the pidfd_getfd(2) system call, unprivileged users can reach into privileged processes that are in the middle of shutting down, grab their still\u2011open file descriptors, and then read from files that would normally be accessible only to root.<\/p>\n<p>That wouldn&#8217;t be a big deal except that <a href=\"https:\/\/github.com\/0xdeadbeefnetwork\/ssh-keysign-pwn\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">Qualys has shown via a proof\u2011of\u2011concept (PoC) exploit<\/a> that the bug can be triggered reliably in practice, not just in theory. The good news is the fix is in. Linux stable maintainer Greg Kroah\u2011Hartman has already rolled out updates across multiple supported branches, including new releases such as 7.0.8, 6.18.31, 6.12.89, 6.6.139, 6.1.173, 5.15.207, and 5.10.256, all of which carry the ssh\u2011keysign\u2011pwn fix.&nbsp;<\/p>\n<h2>What you need to do<\/h2>\n<p>You&#8217;ll want to move to one of these kernels ASAP. This hole affects all Linux kernels released before May 14, 2026. Otherwise, as one tired member of the <a href=\"https:\/\/manjaro.org\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">Manjaro Linux<\/a> team put it, &#8220;<a href=\"https:\/\/forum.manjaro.org\/t\/alert-ssh-keysign-pwn-unprivileged-users-are-able-to-read-root-owned-files\/187676\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">Don&#8217;t run your PC if you don&#8217;t need it.<\/a>&nbsp;Lock yourself in and look over your shoulder.&#8221; Well, that&#8217;s certainly one way of dealing with it!&nbsp;<\/p>\n<p><strong>Also:&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/how-to-learn-claude-code-with-free-anthropic-ai-courses-online\/\">How to learn Claude Code for free with Anthropic&#8217;s AI courses<\/a><\/strong><\/p>\n<p>Until patched kernels are widely available, security teams do have some mitigation options, but each comes with trade\u2011offs.&nbsp;<\/p>\n<p>One quick and dirty workaround is to tighten Linux&#8217;s <a href=\"https:\/\/www.kernel.org\/doc\/Documentation\/security\/Yama.txt\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">Yama ptrace<\/a> restrictions by setting it with the command:&nbsp;<\/p>\n<p>sysctl kernel.yama.ptrace_scope=2.&nbsp;<\/p>\n<p>This disables ptrace for non\u2011root users and blocks the exploit, but it also breaks many debugging and monitoring workflows. This is not ideal for developer workflows.&nbsp;<\/p>\n<p>You can also reduce exposure by <a href=\"https:\/\/docs.datadoghq.com\/security\/default_rules\/def-000-fqw\/\" target=\"_blank\" rel=\"noopener nofollow\" class=\"c-regularLink\">disabling host\u2011based SSH authentication<\/a> and the ssh-keysign helper entirely on systems where they are not needed. This removes a primary avenue for stealing host keys. However, this also stops SSH in its tracks, which for many Linux systems is a non-starter.<\/p>\n<p>Me? I&#8217;m going to be monitoring my systems and hoping the distros I use every day &#8212; Linux Mint, Ubuntu, AlmaLinux, openSUSE, and Rocky Linux &#8212; get patched by the end of the weekend.&nbsp;<\/p>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/qualys-flags-a-linux-kernel-security-issue-that-could-lead-to-stolen-ssh-keys\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The good news is there&#8217;s already a patch. The bad news is that the fix isn&#8217;t available for all Linux distributions yet. Here&#8217;s what you can do in the meantime.READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-60664","post","type-post","status-publish","format-standard","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-15T20:41:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The 4th Linux kernel flaw this month can lead to stolen SSH host keys\",\"datePublished\":\"2026-05-15T20:41:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/\"},\"wordCount\":823,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\\\/2026\\\/05\\\/15\\\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\\\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/\",\"name\":\"The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\\\/2026\\\/05\\\/15\\\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\\\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\",\"datePublished\":\"2026-05-15T20:41:14+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\\\/2026\\\/05\\\/15\\\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\\\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\",\"contentUrl\":\"https:\\\/\\\/www.zdnet.com\\\/a\\\/img\\\/resize\\\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\\\/2026\\\/05\\\/15\\\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\\\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The 4th Linux kernel flaw this month can lead to stolen SSH host keys\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/","og_locale":"en_US","og_type":"article","og_title":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-05-15T20:41:14+00:00","og_image":[{"url":"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys","datePublished":"2026-05-15T20:41:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/"},"wordCount":823,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/","url":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/","name":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#primaryimage"},"thumbnailUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280","datePublished":"2026-05-15T20:41:14+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#primaryimage","url":"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280","contentUrl":"https:\/\/www.zdnet.com\/a\/img\/resize\/7e84e8232ed07ba5547a487056e5cb138d7a4ac2\/2026\/05\/15\/0f5c1cfe-7b77-4999-989a-a20d093dcee0\/gettyimages-2251821528.jpg?auto=webp&amp;width=1280"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/the-4th-linux-kernel-flaw-this-month-can-lead-to-stolen-ssh-host-keys\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"The 4th Linux kernel flaw this month can lead to stolen SSH host keys"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60664"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60664\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}