A high-risk security vulnerability, CVE-2024-3094, was identified in the XZ Utils package, specifically versions 5.6.0 and 5.6.1, enabling unauthorized SSH access.

The vulnerability is a serious concern for popular Linux distributions including Fedora, Debian, Kali, openSUSE, and Arch Linux.

Affected Linux distributions have advised users to downgrade to previous stable versions to prevent exploitation of the flaw.

Red Hat has rated the security flaw with the highest severity, and the US Cybersecurity and Infrastructure Security Agency has called for immediate action to downgrade affected systems.

A detection tool has been made available to help organizations identify compromised XZ Utils installations.

The incident underscores the continuous risk of undisclosed security issues in common open-source software and the need for regular updates, security audits, and increased awareness.