Session Exposure in ShellHub Centralized SSH Gateway
CVE-2026-44423

6.5MEDIUM

Key Information:

Vendor: Shellhub-io
Status: Shellhub
Vendor: CVE Published:; 13 May 2026

🔔 Create Shellhub-io Vulnerability Alert

What is CVE-2026-44423?

ShellHub, a centralized SSH gateway, prior to version 0.24.2, allows any authenticated user to access the complete session object of other users without proper tenant scoping. This oversight can lead to significant privacy concerns as the exposed data includes SSH usernames, device UIDs, remote IP addresses, terminal types, authentication flags, and timestamps. Due to this vulnerability, an authenticated user might tamper with or exploit unauthorized session records, jeopardizing user security across namespaces. The issue was resolved in version 0.24.2.

Affected Version(s)

shellhub < 0.24.2

References

https://github.com/shellhub-io/shellhub/security/advisori...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 6, 2026

CVE-2026-44423 Data

JSON