Description
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.
Published: 2026-06-23
Score: 3.7 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap out‑of‑bounds read flaw exists in OpenSSH, triggered during the cleanup of GSSAPI indicator arrays when a trailing NULL terminator is omitted. The vulnerability is a CWE‑125 boundary error that can cause the SSH authentication process to crash or abort. The crash disables the SSH service, resulting in a denial of service for users attempting to log in over SSH.

Affected Systems

Red Hat Enterprise Linux 6 through 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 ship a version of OpenSSH that contains the flaw. The affected component is the GSSAPI authentication module within OpenSSH; specific patch levels are not enumerated in the data set.

Risk and Exploitability

The CVSS score of 3.7 indicates low severity, and the absent EPSS score means the exploitation likelihood is uncertain. The vulnerability is not listed in the CISA KEV catalog, indicating no known exploitation in the wild. The attack vector is inferred to be a remote attacker targeting an SSH server that is configured for GSSAPI authentication in a Kerberos environment, triggering the crash. The primary impact is a loss of service availability for the SSH daemon.

Generated by OpenCVE AI on June 23, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Red Hat package updates that contain the OpenSSH fix for the GSSAPI indicator cleanup bug
  • If the patch cannot be applied immediately, disable GSSAPIAuthentication in the sshd configuration to prevent the flaw from being triggered
  • Restrict SSH authentication to methods that do not rely on GSSAPI or Kerberos when it is not required, and validate that the sshd service remains operational after configuration changes



Advisories

No advisories yet.

History

Tue, 23 Jun 2026 03:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service. |
| Title | | Openssh: heap out-of-bounds read in red hat enterprise linux versions of openssh gssapi indicator cleanup due to missing null sentinel termination |
| First Time appeared | | Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift |
| Weaknesses | | CWE-125 |
| CPEs | | cpe:/a:redhat:hummingbird:1; cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9 |
| Vendors & Products | | Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift |
| References | | |
| Metrics | | cvssV3_1: {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'} |


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-23T03:37:00.160Z

Reserved: 2026-06-16T23:55:05.737Z

Link: CVE-2026-55654

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T04:30:16Z

Weaknesses