CVE-2025-26466

Reference Links

• https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
• https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26466
• https://nvd.nist.gov/vuln/detail/CVE-2025-26466
• https://launchpad.net/bugs/cve/CVE-2025-26466
• https://security-tracker.debian.org/tracker/CVE-2025-26466
• https://ubuntu.com/security/CVE-2025-26466
• https://www.openssh.com/releasenotes.html#9.9p2
• https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
• https://github.com/openssh/openssh-portable/commit/dce6d80d2ed3cad2c516082682d5f6ca877ef714
• https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2025-26465

Frequently Asked Questions

• What is the severity of CVE-2025-26466?

  CVE-2025-26466 is classified as a Denial of Service vulnerability due to asymmetric resource consumption affecting memory and CPU.

• How do I fix CVE-2025-26466?

  To mitigate CVE-2025-26466, update to versions 1:9.9p1-3 or later of the OpenSSH package.

• Which versions of OpenSSH are affected by CVE-2025-26466?

  CVE-2025-26466 affects OpenSSH versions up to and including 1:9.9p1-3.

• Can CVE-2025-26466 be exploited remotely?

  Yes, CVE-2025-26466 can be exploited remotely, leading to resource exhaustion on the server.

• What are the potential impacts of CVE-2025-26466?

  The potential impacts of CVE-2025-26466 include service disruption due to excessive consumption of server resources.