Authentication Bypass in OpenBSD Product by OpenBSD Vendor
CVE-2026-55706

5.8MEDIUM

Key Information:

Vendor: OpenBSD
Status: OpenBSD
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-55706?

The sppp_pap_input function in the OpenBSD network subsystem prior to the 076e2b1 commit is susceptible to an authentication bypass. The flaw arises when specific zero values for lengths are processed, potentially allowing unauthorized access without proper authentication. This vulnerability can compromise the integrity of network communications and user authentication, highlighting the importance of system updates to mitigate such risks.

Affected Version(s)

OpenBSD 0 < 076e2b1c1fc4ac0883a72d3544131ad5cee7adf8

References

https://blog.argus-systems.ai/blog/openbsd-pap-27-year-au...

https://www.openwall.com/lists/oss-security/2026/06/16/9

https://github.com/openbsd/src/commit/076e2b1c1fc4ac0883a...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 17, 2026

CVE-2026-55706 Data

JSON