OpenSSH < 10.4 Multiple Vulnerabilities

high Nessus Plugin ID 326244

Synopsis

The SSH server running on the remote host is affected by multiple vulnerabilities.

Description

The version of OpenSSH installed on the remote host is prior to 10.4. It is, therefore, affected by multiple vulnerabilities, including:

- ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side. (CVE-2026-60002)

- sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay. (CVE-2026-60001)

- In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not. (CVE-2026-59999)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to OpenSSH version 10.4 or later.

See Also

https://www.openssh.org/releasenotes.html#10.4p1

Plugin Details

Severity: High

ID: 326244

File Name: openssh_10_4.nasl

Version: 1.1

Type: Remote

Family: Misc.

Published: 7/10/2026

Updated: 7/10/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

Percentile: 57.61

CVSS v2

Risk Factor: High

Base Score: 7.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:P

CVSS Score Source: CVE-2026-60002

CVSS v3

Risk Factor: High

Base Score: 7.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Vulnerability Information

CPE: cpe:/a:openbsd:openssh

Required KB Items: installed_sw/OpenSSH

Patch Publication Date: 7/6/2026

Vulnerability Publication Date: 7/6/2026

Reference Information

CVE: CVE-2026-59995, CVE-2026-59996, CVE-2026-59997, CVE-2026-59998, CVE-2026-59999, CVE-2026-60000, CVE-2026-60001, CVE-2026-60002