Skip to main content

Openssh

5 CVEs product

Monthly

CVE-2026-35385 HIGH PATCH This Week

Privilege-escalation exposure in OpenSSH before 10.3 (fixed in 10.3p1) where scp, when run by root using the legacy SCP protocol flag -O and without -p (preserve mode), may write a downloaded file with setuid or setgid bits set, contrary to user expectation. A malicious or compromised SSH server (or a man-in-the-middle on the transfer) could thereby cause an attacker-controlled binary to land on disk as a setuid/setgid-root executable, enabling local privilege escalation when it is later run. There is no public exploit identified at time of analysis, EPSS is very low (0.04%), and CISA SSVC rates exploitation as 'none' though technical impact as 'total'.

Information Disclosure SSH Openssh
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-3497 MEDIUM PATCH This Month

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself.

Information Disclosure SSH Microsoft Debian Linux Enterprise Linux +2
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-32728 MEDIUM PATCH This Month

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure SSH Red Hat Debian Linux Suse +1
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-26466 MEDIUM PATCH This Month

A flaw was found in the OpenSSH package. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 42.5% and no vendor patch available.

Denial Of Service SSH Microsoft Debian Linux Ubuntu Linux +1
NVD
CVSS 3.1
5.9
EPSS
42.5%
CVE-2024-6387 HIGH POC PATCH THREAT Act Now

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to exploit a signal handler race condition by failing to authenticate within the LoginGraceTime window, potentially yielding root-level code execution on glibc-based Linux systems. The flaw - widely known as 'regreSSHion' - affects numerous distributions and vendor appliances including Ubuntu 23.10/24.04, AlmaLinux 9, SonicWall SMA firmware, Arista EOS, NetApp ONTAP, and others. Publicly available exploit code exists and EPSS scores it at 48.06% (98th percentile), reflecting very high exploitation likelihood, though it is not currently listed in CISA KEV.

Information Disclosure SSH macOS Active Iq Unified Manager Bootstrap Os +51
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
48.1%
Threat
4.6
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Privilege-escalation exposure in OpenSSH before 10.3 (fixed in 10.3p1) where scp, when run by root using the legacy SCP protocol flag -O and without -p (preserve mode), may write a downloaded file with setuid or setgid bits set, contrary to user expectation. A malicious or compromised SSH server (or a man-in-the-middle on the transfer) could thereby cause an attacker-controlled binary to land on disk as a setuid/setgid-root executable, enabling local privilege escalation when it is later run. There is no public exploit identified at time of analysis, EPSS is very low (0.04%), and CISA SSVC rates exploitation as 'none' though technical impact as 'total'.

Information Disclosure SSH Openssh
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself.

Information Disclosure SSH Microsoft +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure SSH Red Hat +3
NVD GitHub
EPSS 43% CVSS 5.9
MEDIUM PATCH This Month

A flaw was found in the OpenSSH package. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 42.5% and no vendor patch available.

Denial Of Service SSH Microsoft +3
NVD
EPSS 48% 4.6 CVSS 8.1
HIGH POC PATCH THREAT Act Now

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to exploit a signal handler race condition by failing to authenticate within the LoginGraceTime window, potentially yielding root-level code execution on glibc-based Linux systems. The flaw - widely known as 'regreSSHion' - affects numerous distributions and vendor appliances including Ubuntu 23.10/24.04, AlmaLinux 9, SonicWall SMA firmware, Arista EOS, NetApp ONTAP, and others. Publicly available exploit code exists and EPSS scores it at 48.06% (98th percentile), reflecting very high exploitation likelihood, though it is not currently listed in CISA KEV.

Information Disclosure SSH macOS +53
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy