CVE-2026-3497

medium

Description

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.

References

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3497.json

https://bugzilla.redhat.com/show_bug.cgi?id=2447085

https://access.redhat.com/security/cve/CVE-2026-3497

https://access.redhat.com/errata/RHSA-2026:9732

https://access.redhat.com/errata/RHSA-2026:9415

https://access.redhat.com/errata/RHSA-2026:7107

https://access.redhat.com/errata/RHSA-2026:6463

https://access.redhat.com/errata/RHSA-2026:6462

https://access.redhat.com/errata/RHSA-2026:6461

https://access.redhat.com/errata/RHSA-2026:5475

https://access.redhat.com/errata/RHSA-2026:25096

https://access.redhat.com/errata/RHSA-2026:21695

https://access.redhat.com/errata/RHSA-2026:21690

https://access.redhat.com/errata/RHSA-2026:20087

https://access.redhat.com/errata/RHSA-2026:20040

https://access.redhat.com/errata/RHSA-2026:19725

https://access.redhat.com/errata/RHSA-2026:19724

https://access.redhat.com/errata/RHSA-2026:17596

https://access.redhat.com/errata/RHSA-2026:16174

https://access.redhat.com/errata/RHSA-2026:16030

https://access.redhat.com/errata/RHSA-2026:16009

https://access.redhat.com/errata/RHSA-2026:16008

https://access.redhat.com/errata/RHSA-2026:15893

https://access.redhat.com/errata/RHSA-2026:15891

https://access.redhat.com/errata/RHSA-2026:15087

https://access.redhat.com/errata/RHSA-2026:14924

https://access.redhat.com/errata/RHSA-2026:14773

https://access.redhat.com/errata/RHSA-2026:13812

https://access.redhat.com/errata/RHSA-2026:13750

https://access.redhat.com/errata/RHSA-2026:12071

https://access.redhat.com/errata/RHSA-2026:10714

https://access.redhat.com/errata/RHSA-2026:10065

Details

Source: Mitre, NVD

Published: 2026-03-12

Updated: 2026-07-15

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.0006