CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
References
Link - Resource
https://access.redhat.com/security/cve/CVE-2026-55654 - Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2462493 - Exploit, Issue Tracking, Vendor Advisory
Configurations

Configuration 1

OR
cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*

History

25 Jun 2026, 16:59

Type: CPE
  Values Added:
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Type: First Time
  Values Added:
    Redhat hardened Images
    Redhat enterprise Linux
    Openbsd openssh
    Redhat
    Openbsd
Type: References
  Values Removed: () https://access.redhat.com/security/cve/CVE-2026-55654 -
  Values Added: () https://access.redhat.com/security/cve/CVE-2026-55654 - Vendor Advisory
Type: References
  Values Removed: () https://bugzilla.redhat.com/show_bug.cgi?id=2462493 -
  Values Added: () https://bugzilla.redhat.com/show_bug.cgi?id=2462493 - Exploit, Issue Tracking, Vendor Advisory

23 Jun 2026, 04:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-23 04:17

Updated : 2026-06-25 16:59


NVD link : CVE-2026-55654

Mitre link : CVE-2026-55654

CVE.ORG link : CVE-2026-55654


Products Affected

redhat

  • enterprise_linux
  • hardened_images

openbsd

  • openssh
CWE
CWE-125

Out-of-bounds Read