Lobsters · Friday · May 15, 2026 · FREE

linux 0-day, access root-owned files as an unprivileged user

linux · 0-day · privilege-escalation · openssh

A critical Linux 0-day vulnerability has been disclosed via a GitHub repository (0xdeadbeefnetwork/ssh-keysign-pwn) that allows unprivileged users to access root-owned files. The exploit targets the ssh-keysign binary, a setuid helper used by OpenSSH for host-based authentication. By exploiting improper privilege handling, an attacker can read arbitrary files as root, including sensitive system files like /etc/shadow. The proof-of-concept code was published on May 15, 2026, and affects all Linux distributions using OpenSSH with ssh-keysign. No patch is currently available, leaving systems vulnerable to local privilege escalation. The vulnerability is particularly dangerous in multi-user environments or containers where unprivileged users can execute the exploit. Administrators are advised to monitor for updates from their distribution vendors and consider disabling ssh-keysign if not required.
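A read-only audit for the mitigation advice above, as an added example that is not part of the original post or the referenced repository: it reports which copies of ssh-keysign carry a setuid/setgid bit and whether `EnableSSHKeysign` (the ssh_config option that turns the helper on) is set in the client configuration. The install paths and function names are assumptions; adjust them for your distribution.

```shell
#!/bin/sh
# Added example: audit local ssh-keysign exposure (read-only, changes nothing).
# Assumption: these are common distro install paths; extend for your system.
KEYSIGN_PATHS="/usr/lib/openssh/ssh-keysign /usr/libexec/openssh/ssh-keysign
/usr/lib/ssh/ssh-keysign /usr/libexec/ssh-keysign"

# Print "setuid", "setgid", "plain" or "missing" for the given file.
keysign_mode() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    elif [ -g "$1" ]; then echo setgid
    else echo plain
    fi
}

# Print the first EnableSSHKeysign value found in the given client config
# files, or "no" (the OpenSSH default) when none sets it. Host/Match
# scoping and Include are not evaluated, so treat the result as a hint.
keysign_enabled() {
    for cfg in "$@"; do
        [ -r "$cfg" ] || continue
        v=$(awk '{ sub(/^[ \t]+/, ""); gsub(/[ \t]*=[ \t]*/, " ") }
                 tolower($1) == "enablesshkeysign" {
                     v = tolower($2); gsub(/"/, "", v); print v; exit
                 }' "$cfg")
        if [ -n "$v" ]; then echo "$v"; return 0; fi
    done
    echo no
}

# Report every privileged copy of the helper and the change to consider.
audit_keysign() {
    state=$(keysign_enabled /etc/ssh/ssh_config /etc/ssh/ssh_config.d/*.conf)
    for p in $KEYSIGN_PATHS; do
        mode=$(keysign_mode "$p")
        case $mode in
            missing) continue ;;
            plain)   echo "$p: no setuid/setgid bit" ;;
            *)       echo "$p: $mode, EnableSSHKeysign=$state"
                     echo "  host-based auth unused? consider: chmod u-s,g-s $p"
                     echo "  (a package upgrade may restore the bit)" ;;
        esac
    done
}

audit_keysign
```

The script only prints findings; whether to strip the bit depends on whether host-based authentication is in use on the host.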

// why it matters

Unprivileged users can escalate to root, compromising entire systems.

Sources

Primary · Lobsters
▸ Read original at github.com