CVE-2026-55655
MEDIUM EPSS 0.3%
Published Jun 23, 20266d ago · Modified Jun 23, 20266d ago
5.0 CVSS 3.1
Published Jun 23, 2026 6d ago
Last Modified Jun 23, 2026 6d ago
Description
A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
0.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-923
References 2
- access.redhat.com https://access.redhat.com/security/cve/CVE-2026-55655
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2462250
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.