Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.
https://www.openwall.com/lists/oss-security/2026/03/12/3
https://ubuntu.com/security/CVE-2026-3497
https://lists.debian.org/debian-lts-announce/2026/04/msg00014.html
http://www.openwall.com/lists/oss-security/2026/03/18/7
http://www.openwall.com/lists/oss-security/2026/03/18/5
http://www.openwall.com/lists/oss-security/2026/03/18/4
http://www.openwall.com/lists/oss-security/2026/03/18/2
http://www.openwall.com/lists/oss-security/2026/03/14/4
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json
https://bugzilla.redhat.com/show_bug.cgi?id=2447085
https://access.redhat.com/security/cve/CVE-2026-3497
https://access.redhat.com/errata/RHSA-2026:9732
https://access.redhat.com/errata/RHSA-2026:9415
https://access.redhat.com/errata/RHSA-2026:7107
https://access.redhat.com/errata/RHSA-2026:6463
https://access.redhat.com/errata/RHSA-2026:6462
https://access.redhat.com/errata/RHSA-2026:6461
https://access.redhat.com/errata/RHSA-2026:5475
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:21695
https://access.redhat.com/errata/RHSA-2026:21690
https://access.redhat.com/errata/RHSA-2026:20087
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:19725
https://access.redhat.com/errata/RHSA-2026:19724
https://access.redhat.com/errata/RHSA-2026:17596
https://access.redhat.com/errata/RHSA-2026:16174
https://access.redhat.com/errata/RHSA-2026:16030
https://access.redhat.com/errata/RHSA-2026:16009
https://access.redhat.com/errata/RHSA-2026:16008
https://access.redhat.com/errata/RHSA-2026:15893
https://access.redhat.com/errata/RHSA-2026:15891
https://access.redhat.com/errata/RHSA-2026:15087
https://access.redhat.com/errata/RHSA-2026:14924
https://access.redhat.com/errata/RHSA-2026:14773
https://access.redhat.com/errata/RHSA-2026:13812
https://access.redhat.com/errata/RHSA-2026:13750
https://access.redhat.com/errata/RHSA-2026:12071
Published: 2026-03-12
Updated: 2026-07-15
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Severity: High
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: High
Base Score: 6.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Severity: Medium
EPSS: 0.0006