CVE-2025-26466 PoC — OpenSSH: denial-of-service in OpenSSH

Associated Vulnerability
Title: OpenSSH: denial-of-service in OpenSSH (CVE-2025-26466)
Description: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.
Description
The OpenSSH client and server are vulnerable to a pre-authentication DoS attack in versions 9.5p1 through 9.9p1 (inclusive) that causes memory and CPU consumption.
Readme
# CVE-2025-26466

## How does this detection method work?

This template matches on the following vulnerable versions:
```
          - "SSH-2.0-OpenSSH_9.5p1"
          - "SSH-2.0-OpenSSH_9.6p1"
          - "SSH-2.0-OpenSSH_9.7p1"
          - "SSH-2.0-OpenSSH_9.8p1"
          - "SSH-2.0-OpenSSH_9.9p1"
```
If there is a match, the host is considered to be vulnerable to CVE-2025-26466.
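
The same banner check as an added offline example (not the template's or the author's code): it parses the identification line in the RFC 4253 format and separates out banners that carry a vendor comment, since distribution packages can backport a fix without changing the upstream version string. The sample banners and the result labels are constructed for illustration.

```python
import re

# Software versions from the template's match list (9.5p1 through 9.9p1).
LISTED = {f"OpenSSH_9.{minor}p1" for minor in range(5, 10)}

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)

def classify(banner: str) -> str:
    """Return a triage label (labels are this example's own) for one banner."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return "not-ssh"
    software = m.group("software")
    if not software.startswith("OpenSSH_"):
        return "not-openssh"
    if software not in LISTED:
        return "not-listed"
    # A vendor comment usually carries a package revision; the fix may have
    # been backported, so confirm the patch level with the package manager.
    return "listed-vendor-build" if m.group("comments") else "listed"

def triage(banners):
    """Group banners by label so listed hosts can be reviewed first."""
    groups = {}
    for banner in banners:
        groups.setdefault(classify(banner), []).append(banner.strip())
    return groups

# Constructed sample banners, not captured from real hosts.
SAMPLE = [
    "SSH-2.0-OpenSSH_9.6p1\r\n",
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5\r\n",
    "SSH-2.0-OpenSSH_9.9p2\r\n",
    "SSH-2.0-OpenSSH_9.4p1\r\n",
    "SSH-2.0-dropbear_2022.83\r\n",
    "HTTP/1.1 400 Bad Request\r\n",
]

if __name__ == "__main__":
    for label, items in triage(SAMPLE).items():
        print(f"{label}: {items}")
```

A `listed` result is a version match only; a `listed-vendor-build` result needs the installed package revision checked against the vendor's advisory before the host is counted as vulnerable.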

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml` 

## References

- https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html


## Disclaimer

Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

## Contact

Feel free to reach out to me on [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).
File Snapshot

```
[4.0K] /data/pocs/30b982f87cab4c1e9c22e5fa14f411339a276e38
├── [1017] README.md
└── [ 656] template.yaml

0 directories, 2 files
```