Use-After-Free Vulnerability in OpenSSH Client due to Host Key Change
CVE-2026-60002
7.7HIGH
What is CVE-2026-60002?
A use-after-free vulnerability exists in the OpenSSH client versions before 10.4, specifically occurring when a server modifies its host key during a key re-exchange process. This flaw particularly affects the client side, leading to potential unexpected behaviors and security implications if exploited.
Affected Version(s)
OpenSSH 0 < 10.4