| CVE-2026-46595 |
critical |
10.0 |
10.0 |
|
|
|
13d ago |
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would… |
| CVE-2026-42508 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. |
| CVE-2026-39834 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack… |
| CVE-2026-39833 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio… |
| CVE-2026-39832 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward… |
| CVE-2026-39831 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch … |
| CVE-2026-39830 |
critical |
9.1 |
9.1 |
|
|
|
13d ago |
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), r… |
