Skip to main content

OpenSSH CVE-2026-60000

| EUVDEUVD-2026-42143 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-07-08 mitre GHSA-76jm-35gr-hwcm
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
Vendor (mitre) PRIMARY
LOW
qualitative
NVD
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Requires the non-default GSSAPIAuthentication feature enabled (AC:H); unauthenticated network reachable (PR:N/AV:N); partial resource-consumption DoS per SSVC so availability-only and A:L, no C/I impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Updated
Jul 09, 2026 - 16:58 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 16:57 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 16:52 vuln.today
cvss_changed
Severity Changed
Jul 09, 2026 - 16:52 NVD
LOW HIGH
CVSS changed
Jul 09, 2026 - 16:52 NVD
3.7 (LOW) 7.5 (HIGH)
Patch available
Jul 08, 2026 - 02:01 EUVD
Analysis Generated
Jul 08, 2026 - 01:24 vuln.today

DescriptionNVD

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service (resource consumption from excessive authentication attempts) because MaxAuthTries was mishandled for GSSAPIAuthentication.

AnalysisAI

Denial of service in OpenSSH sshd before 10.4 lets remote unauthenticated attackers exhaust server resources by driving excessive authentication attempts, because the MaxAuthTries cap was not correctly enforced for the GSSAPIAuthentication path. Only deployments that have enabled GSSAPI-based authentication are exposed, and there is no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach network-exposed sshd (port 22)
Delivery
Initiate GSSAPI authentication attempts
Exploit
Bypass MaxAuthTries limit
Execution
Flood repeated expensive auth negotiations
Persist
Exhaust server CPU/memory
Impact
Deny SSH service to legitimate users

Vulnerability AssessmentAI

Exploitation The target sshd must have GSSAPIAuthentication enabled (typically in Kerberos or Active Directory integrated deployments) - this is the exact configuration prerequisite drawn from the description's scoping of the bug to the GSSAPIAuthentication path, and GSSAPI is disabled by default in stock OpenSSH, which sharply limits the exposed population. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, score 7.5) reflects a network-reachable, unauthenticated availability-only impact with no confidentiality or integrity loss. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network reach to an internet-exposed sshd that has GSSAPIAuthentication enabled opens repeated connections and submits authentication attempts through the GSSAPI path, which fails to enforce MaxAuthTries. By sustaining many concurrent expensive negotiations, the attacker consumes server CPU and memory, degrading or denying SSH service for legitimate administrators. …
Remediation Vendor-released patch: OpenSSH 10.4 (portable 10.4p1) - upgrade sshd to 10.4/10.4p1 or later, or apply the fixed package from your distribution once it incorporates the upstream release (https://www.openssh.org/releasenotes.html#10.4p1). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all SSH servers with GSSAPI authentication enabled and assess their criticality to operations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Share

CVE-2026-60000 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy