CVE-2026-55653 | A flaw was found in OpenSSH. A malicious SSH server can expl… | CVSS 4.3 MEDIUM

Description

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).

Metadata

CVE ID: CVE-2026-55653
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-16 23:55 UTC
Published: 2026-06-23 03:36 UTC
Last updated: 2026-06-23 03:36 UTC
Primary CWE: CWE-415
Double Free
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected products (7)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat Hardened Images	—	—
Red Hat	Red Hat OpenShift Container Platform 4	—	—

Weakness (CWE)

CWE	Source	Description
CWE-415	cna	Double Free

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References (2)