CVE Catalog

CVE-2026-55655

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.08%

0th percentile - higher than 0% of all known CVEs

Summary

A flaw in OpenSSH allows a local unprivileged attacker to hijack forwarded X11 connections. The attack pre-binds the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input.

Risk Assessment

The organization risks exposure of confidential data displayed in X11 windows and potential manipulation of the forwarded SSH session. An attacker can intercept window content and user input, posing a serious threat to information security.

Recommendation

Immediately update OpenSSH to the latest patched version. As a workaround, consider disabling X11 forwarding (X11Forwarding no) or restricting access for unprivileged users until the update is applied.

Original NVD description (English source)

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS