Vulnerability in Openbsd Openssh
CVE-2026-3497
Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of ssh…
EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Openbsd Openssh
- Canonical Ubuntu_linux — versions 25.10, 20.04, 22.04
- Debian Debian_linux — versions 11.0
- Redhat Enterprise_linux — versions 8.0, 9.0, 10.0
- Ubuntu Openssh — versions 1:10.0p1-5ubuntu5, 1:9.6p1-3ubuntu13, 1:8.9p1-3
Weakness classification (CWE)
References
- security@ubuntu.com (Third Party Advisory, vdb-entry)
- security@ubuntu.com (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
- af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2026-3497?
- CVE-2026-3497 is a high-severity vulnerability in Openbsd Openssh, classified under Use of Uninitialized Resource. CVSS score: 7.5/10. Published 2026-03-12.
- How severe is CVE-2026-3497?
- High severity. CVSS v3 base score is 7.5 out of 10.