CVE-2026-55653
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A double free vulnerability was found in OpenSSH in the Diffie-Hellman Group Exchange (DH-GEX) client path during FIPS mode known-group validation. A malicious SSH server can exploit this by sending crafted DH-GEX group parameters, causing client process termination and Denial of Service (DoS).
Risk Assessment
An attacker-controlled SSH server can remotely crash the SSH client, preventing users from establishing secure connections. This can disrupt critical services that rely on SSH for remote administration or data transfer.
Recommendation
Immediately update OpenSSH to the latest version containing the fix for the double free in DH-GEX. Until patched, consider temporarily disabling FIPS mode or restricting trust to SSH servers.
Original NVD description (English source)
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).

