CVE Catalog

CVE-2026-55653

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A double free vulnerability was found in OpenSSH in the Diffie-Hellman Group Exchange (DH-GEX) client path during FIPS mode known-group validation. A malicious SSH server can exploit this by sending crafted DH-GEX group parameters, causing client process termination and Denial of Service (DoS).

Risk Assessment

An attacker-controlled SSH server can remotely crash the SSH client, preventing users from establishing secure connections. This can disrupt critical services that rely on SSH for remote administration or data transfer.

Recommendation

Immediately update OpenSSH to the latest version containing the fix for the double free in DH-GEX. Until patched, consider temporarily disabling FIPS mode or restricting trust to SSH servers.

Original NVD description (English source)

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS