OpenBSD OpenSSH vulnerabilities

125 known vulnerabilities affecting openbsd/openssh.

Total CVEs: 125
CISA KEV: 0
Public exploits: 22
Exploited in wild: 5
Severity breakdown: CRITICAL 11, HIGH 43, MEDIUM 53, LOW 18

Vulnerabilities

Page 1 of 7
CVE-2026-35414 | HIGH | CVSS 8.1 | fixed in 10.3 | 2026-04-02
CVE-2026-35414 [HIGH] CWE-670: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Sources: cvelistv5, nvd
CVE-2026-35385 | HIGH | CVSS 7.5 | fixed in 10.3 | 2026-04-02
CVE-2026-35385 [HIGH] CWE-281: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
Sources: cvelistv5, nvd
CVE-2026-35386 | LOW | CVSS 3.6 | fixed in 10.3 | 2026-04-02
CVE-2026-35386 [LOW] CWE-696: In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config.
Sources: cvelistv5, nvd
CVE-2026-35388 | LOW | CVSS 2.5 | fixed in 10.3 | 2026-04-02
CVE-2026-35388 [LOW] CWE-420: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
Sources: cvelistv5, nvd
CVE-2026-35387 | LOW | CVSS 3.1 | fixed in 10.3 | 2026-04-02
CVE-2026-35387 [LOW] CWE-670: OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
Sources: cvelistv5, nvd
CVE-2026-3497 | LOW | CVSS 3.6 | ≥ 0, < 1:8.9p1-3ubuntu0.14; ≥ 0, < 1:9.6p1-3ubuntu13.15; +1 more | 2026-03-12
CVE-2026-3497 [LOW] openssh vulnerabilities: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usern
Sources: osv
CVE-2025-61985 | LOW | CVSS 3.6 | fixed in 10.1 | 2025-10-06
CVE-2025-61985 [LOW] CWE-158: ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.
Sources: cvelistv5, nvd, osv
CVE-2025-61984 | LOW | CVSS 3.6 | fixed in 10.1 | 2025-10-06
CVE-2025-61984 [LOW] CWE-159: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not c
Sources: cvelistv5, nvd, osv
CVE-2025-32728 | LOW | CVSS 3.8 | ≥ 7.4, < 10.0 | 2025-04-10
CVE-2025-32728 [LOW] CWE-440: In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
Sources: cvelistv5, nvd, osv
CVE-2025-26466 | MEDIUM | CVSS 5.9 | v9.5, v9.6, +3 more | 2025-02-28
CVE-2025-26466 [MEDIUM] CWE-770: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the
Sources: nvd, osv
CVE-2025-26465 | MEDIUM | CVSS 6.8 | ≥ 6.9, ≤ 9.8; v6.8; +1 more | 2025-02-18
CVE-2025-26465 [MEDIUM] CWE-390: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker
Sources: nvd, osv
CVE-2024-39894 | HIGH | CVSS 7.5 | ≥ 0, < 1:9.8p1-1 | 2024-07-02
CVE-2024-39894 [HIGH]: OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Sources: osv
CVE-2024-6387 | HIGH | CVSS 8.1 | PoC | fixed in 4.4; ≥ 8.6, ≤ 9.8; +3 more | 2024-07-01
CVE-2024-6387 [HIGH] CWE-364: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Sources: nvd, osv
CVE-2023-51767 | HIGH | CVSS 7.0 | ≥ 0, < 9.7_p1-r0 | 2023-12-24
CVE-2023-51767 [HIGH]: OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the applicati
Sources: osv
CVE-2023-48795 | MEDIUM | CVSS 5.9 | PoC | fixed in 9.6 | 2023-12-18
CVE-2023-48795 [MEDIUM] CWE-354: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr
Sources: nvd, osv
CVE-2023-51384 | MEDIUM | CVSS 5.5 | ≥ 8.9, < 9.6 | 2023-12-18
CVE-2023-51384 [MEDIUM]: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Sources: nvd, osv
CVE-2023-51385 | MEDIUM | CVSS 6.5 | fixed in 9.6 | 2023-12-18
CVE-2023-51385 [MEDIUM] CWE-78: In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Sources: nvd, osv
CVE-2023-38408 | CRITICAL | CVSS 9.8 | fixed in 9.3; v9.3 | 2023-07-20
CVE-2023-38408 [CRITICAL]: The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Sources: nvd, osv
CVE-2023-28531 | CRITICAL | CVSS 9.8 | ≥ 8.9, < 9.3 | 2023-03-17
CVE-2023-28531 [CRITICAL]: ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
Sources: nvd, osv
CVE-2023-25136 | MEDIUM | CVSS 6.5 | Exploited | v9.1 | 2023-02-03
CVE-2023-25136 [MEDIUM] CWE-415: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoret
Sources: nvd, osv