Local Hijacking Vulnerability in OpenSSH Affecting Linux Clients
CVE-2026-55655

5 MEDIUM

What is CVE-2026-55655?

A flaw in OpenSSH allows a local unprivileged attacker to hijack client-side X11 forwarding connections. The vulnerability arises when X11 forwarding is enabled and a local UNIX-domain X socket is used. By pre-binding the preferred abstract X socket name, the attacker can compromise the confidentiality of forwarded X11 traffic, including potential access to sensitive window contents, and can manipulate input in the forwarded session, posing a notable risk to user data and privacy.
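A defensive check related to the description above, added here and not taken from OpenSSH or from this advisory: it parses `/proc/net/unix` and reports X display numbers that have a listening abstract socket but no listening filesystem socket beside it. It assumes (the page does not state this) that X sockets follow the conventional `/tmp/.X11-unix/X<n>` naming and that a legitimate local X server also listens on the filesystem path; the sample table is constructed.

```python
import re

# Constructed sample in /proc/net/unix format (Num RefCount Protocol Flags Type St Inode Path)
SAMPLE = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 31001 /tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 31002 @/tmp/.X11-unix/X0
0000000000000000: 00000002 00000000 00010000 0001 01 47110 @/tmp/.X11-unix/X1
0000000000000000: 00000003 00000000 00000000 0001 03 31050 /tmp/.X11-unix/X0
0000000000000000: 00000003 00000000 00000000 0001 03 31051
0000000000000000: 00000002 00000000 00010000 0001 01 52000 /run/user/1000/bus
"""

SO_ACCEPTCON = 0x10000  # flag the kernel sets on listening sockets
X_SOCKET = re.compile(r"^(@?)/tmp/\.X11-unix/X(\d+)$")  # assumed naming convention


def x11_listeners(table):
    """Map display number -> {'abstract': [inodes], 'path': [inodes]} for listeners."""
    found = {}
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 7)
        if len(fields) < 8:                       # unnamed socket: no Path column
            continue
        flags, inode, name = int(fields[3], 16), int(fields[6]), fields[7].strip()
        match = X_SOCKET.match(name)              # a leading '@' marks an abstract name
        if not match or not flags & SO_ACCEPTCON:
            continue
        kind = "abstract" if match.group(1) else "path"
        entry = found.setdefault(int(match.group(2)), {"abstract": [], "path": []})
        entry[kind].append(inode)
    return found


def unpaired_abstract(table):
    """Displays with an abstract listener but no filesystem listener beside it."""
    return sorted(d for d, e in x11_listeners(table).items()
                  if e["abstract"] and not e["path"])


if __name__ == "__main__":
    try:
        with open("/proc/net/unix") as fh:        # live table on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE                             # fall back to the constructed sample
    for display in unpaired_abstract(text):
        print(f"display :{display}: abstract X socket has no filesystem counterpart")
```

A reported display is a lead to investigate, not proof of hijacking: the inode can be matched to its owning process with `ss -xlp` run as root.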

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
