Authentication Delay Bypass in OpenSSH by OpenSSH
CVE-2026-60001
6.5MEDIUM
What is CVE-2026-60001?
OpenSSH versions prior to 10.4 have a vulnerability in the sshd component that does not consistently enforce the minimum authentication delay intended to mitigate brute-force attacks. This oversight could allow an attacker to exploit the timing of authentication attempts, potentially facilitating unauthorized access and compromising the integrity of the system. Upgrading to the latest version is highly recommended to ensure robust security practices.
Affected Version(s)
OpenSSH 0 < 10.4