PatchSiren cyber security CVE debrief

CVE-2026-55653 Red Hat CVE debrief

CVE-2026-55653 is a medium-severity vulnerability in OpenSSH: a double free in the Diffie-Hellman Group Exchange (DH-GEX) client path that a malicious SSH server can trigger. The double free occurs during FIPS mode known-group validation, when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation terminates the client process, resulting in a Denial of Service (DoS). The vulnerability has a CVSS score of 4.3 and is classified as CWE-415. Red Hat is affected across multiple products, including OpenShift Container Platform, Enterprise Linux, and Hardened Images.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10
CVSS: MEDIUM 4.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-23
Original CVE updated: 2026-06-25
Advisory published: 2026-06-23
Advisory updated: 2026-06-25

Who should care

Organizations using OpenSSH, particularly those with Red Hat Enterprise Linux, OpenShift Container Platform, or Hardened Images deployments, should prioritize patching this vulnerability. Because the flaw sits in the client path, the exposure is SSH clients that connect to untrusted or compromised servers. The vulnerability's medium severity and its potential for Denial of Service (DoS) make it essential for teams to assess their exposure and apply mitigations.

Technical summary

CVE-2026-55653 is caused by a double free in the Diffie-Hellman Group Exchange (DH-GEX) client path of OpenSSH. The double free occurs during FIPS mode known-group validation, when the client processes attacker-controlled DH-GEX group parameters supplied by the server. The vulnerability is classified under CWE-415 and has a CVSS score of 4.3, indicating medium severity. The attack vector is network-based, and the vulnerability requires low attack complexity and no user interaction.

Defensive priority

Apply patches or updates provided by OpenSSH or Red Hat to fix the double free vulnerability. Restrict access to SSH servers and implement network segmentation to limit the attack surface.

Recommended defensive actions

  • Apply patches or updates provided by OpenSSH or Red Hat to fix the double free vulnerability.
  • Restrict access to SSH servers and implement network segmentation to limit the attack surface.
  • Monitor SSH server logs for suspicious activity and implement additional security measures, such as multi-factor authentication.
  • Review and update incident response plans to address potential Denial of Service (DoS) attacks.
  • Perform thorough vulnerability assessments to identify and address potential exposure.

Evidence notes

CVE-2026-55653 was publicly disclosed on June 23, 2026, and the CVE record was last updated on June 25, 2026. The vulnerability affects multiple Red Hat products, including OpenShift Container Platform, Enterprise Linux, and Hardened Images. The CVSS score of 4.3 indicates medium severity.

This article is AI-assisted and based on the supplied source corpus.