CVE-2026-55654

LOW EPSS 22.5%

Published Jun 23, 20261w ago · Modified Jun 23, 20266d ago

3.7 CVSS 3.1

Low

Published Jun 23, 2026 1w ago

Last Modified Jun 23, 2026 6d ago

Description

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.

CVSS Details

Base Score

3.7

Exploitability

2.2

Impact

1.4

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability Low

Threat Intelligence

EPSS Exploit Probability

22.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

References 2

access.redhat.com https://access.redhat.com/security/cve/CVE-2026-55654
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2462493

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.