Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-55653— Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

CVSS 4.3 · Medium EPSS 0.20% · P10

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-55653

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
双重释放
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenSSH 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenSSH OpenSSH是OpenSSH组织的一个安全管理连接的软件。 OpenSSH存在资源管理错误漏洞,该漏洞源于Diffie-Hellman Group Exchange客户端路径存在双重释放漏洞,在FIPS模式已知组验证期间处理攻击者控制的DH-GEX组参数时发生,成功利用会导致客户端进程终止,造成拒绝服务。以下版本受到影响:Red Hat Enterprise Linux 10、Red Hat Enterprise Linux 6、Red Hat Enterprise Linux 7、Re
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Red HatRed Hat Enterprise Linux 10-cpe:/o:redhat:enterprise_linux:10
Red HatRed Hat Enterprise Linux 6-cpe:/o:redhat:enterprise_linux:6
Red HatRed Hat Enterprise Linux 7-cpe:/o:redhat:enterprise_linux:7
Red HatRed Hat Enterprise Linux 8-cpe:/o:redhat:enterprise_linux:8
Red HatRed Hat Enterprise Linux 9-cpe:/o:redhat:enterprise_linux:9
Red HatRed Hat Hardened Images-cpe:/a:redhat:hummingbird:1
Red HatRed Hat OpenShift Container Platform 4-cpe:/a:redhat:openshift:4

II. Public POCs for CVE-2026-55653

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-55653

登录查看更多情报信息。

Vendor Advisories for CVE-2026-55653 (1)

Other References for CVE-2026-55653 (1)

Same Patch Batch · Red Hat · 2026-06-23 · 12 CVEs total

CVE-2026-118079.6 CRITICALEda-server: websocket missing authorization allows credential theft via activation_id spoo
CVE-2026-121127.8 HIGHForeman-mcp-server: mcp server: active session hijacking via insecure session state reuse
CVE-2026-106096.8 MEDIUMOpenshift/cluster-logging-operator: cluster logging operator creates and forwards servicea
CVE-2026-118206.5 MEDIUMCommunity.general: community.general nexmo — api credentials exposed in get url query stri
CVE-2026-90736.2 MEDIUMForeman-mcp-server: mcp server: insecure sensitive http header sanitization
CVE-2026-118195.5 MEDIUMCommunity.general: community.general keyring_info — os keyring passphrase returned in plai
CVE-2026-129695.3 MEDIUMDnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation
CVE-2026-556555.0 MEDIUMOpenssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat ente
CVE-2026-128924.4 MEDIUMGstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 na
CVE-2026-128914.3 MEDIUMGstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266
CVE-2026-556543.7 LOWOpenssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi in

IV. Related Vulnerabilities

V. Comments for CVE-2026-55653

No comments yet


Leave a comment