Skip to main content

SSH EUVDEUVD-2026-42146

| CVE-2026-60002 CRITICAL
Use After Free (CWE-416)
2026-07-08 mitre GHSA-gp5v-jg37-fvg6
9.4
CVSS 3.1 · NVD
Share

Severity by source

Vendor (mitre) PRIMARY
HIGH
qualitative
NVD
9.4 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
vuln.today AI
6.4 MEDIUM

Victim must connect to a hostile server (UI:R) and the attacker must win the rekey host-key-change race (AC:H); primary impact is client memory disclosure (C:H) with lesser integrity/availability effect.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

8
Analysis Updated
Jul 09, 2026 - 16:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 09, 2026 - 16:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 09, 2026 - 16:37 vuln.today
cvss_changed
Severity Changed
Jul 09, 2026 - 16:37 NVD
HIGH CRITICAL
CVSS changed
Jul 09, 2026 - 16:37 NVD
7.7 (HIGH) 9.4 (CRITICAL)
Patch available
Jul 08, 2026 - 02:01 EUVD
Analysis Generated
Jul 08, 2026 - 01:20 vuln.today
CVE Published
Jul 08, 2026 - 00:17 cve.org
HIGH 7.7

DescriptionNVD

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

AnalysisAI

Memory corruption in the OpenSSH client (ssh) before 10.4 lets a malicious or compromised SSH server trigger a use-after-free on the connecting client by changing its host key during a key re-exchange (rekey), potentially leading to information disclosure or code execution in the client process. Only the client side is affected; the server is not vulnerable. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Audit all systems running OpenSSH client to identify versions prior to 10.4. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Share

EUVD-2026-42146 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy