Denial of Service Vulnerability in OpenSSH by OpenBSD
CVE-2026-60000
3.7LOW
What is CVE-2026-60000?
A vulnerability in OpenSSH's handling of GSSAPIAuthentication allows remote attackers to consume system resources, leading to a potential denial of service. The issue arises from improper management of the MaxAuthTries setting, enabling malicious actors to exploit excessive authentication attempts to overwhelm the service. It's crucial for users of OpenSSH to upgrade to version 10.4 or later to mitigate this risk.
Affected Version(s)
OpenSSH 0 < 10.4