Denial of Service Vulnerability in OpenSSH by OpenBSD
CVE-2026-60000

3.7LOW

Key Information:

Vendor

OpenBSD

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-60000?

A vulnerability in OpenSSH's handling of GSSAPIAuthentication allows remote attackers to consume system resources, leading to a potential denial of service. The issue arises from improper management of the MaxAuthTries setting, enabling malicious actors to exploit excessive authentication attempts to overwhelm the service. It's crucial for users of OpenSSH to upgrade to version 10.4 or later to mitigate this risk.

Affected Version(s)

OpenSSH 0 < 10.4

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.