| CVE-2026-46595 | critical | 10.0 | 10.0 | | | | 14d ago | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would… |
| CVE-2026-42508 | critical | 9.1 | 9.1 | | | | 14d ago | Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked. |
| CVE-2026-39834 | critical | 9.1 | 9.1 | | | | 14d ago | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty pack… |
| CVE-2026-39833 | critical | 9.1 | 9.1 | | | | 14d ago | The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indicatio… |
| CVE-2026-39832 | critical | 9.1 | 9.1 | | | | 14d ago | When adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forward… |
| CVE-2026-39831 | critical | 9.1 | 9.1 | | | | 14d ago | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch … |
| CVE-2026-39830 | critical | 9.1 | 9.1 | | | | 14d ago | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), r… |
| CVE-2017-3204 | high | 8.1 | 8.1 | | | | 9y ago | The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey … |
| CVE-2025-47913 | high | — | 8.0 | | | | 5mo ago | RHSA-2026:0753: container-tools:rhel8 security update (Important) |
| CVE-2025-22869 | high | — | 8.0 | | | | 1y ago | RHSA-2025:3210: container-tools:rhel8 security update (Important) |
| CVE-2026-46597 | high | 7.5 | 7.5 | | | | 14d ago | An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. |
| CVE-2026-39829 | high | 7.5 | 7.5 | | | | 14d ago | The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumptio… |