PatchSiren cyber security CVE debrief
CVE-2026-55654 Red Hat CVE debrief
CVE-2026-55654 is a low-severity vulnerability in OpenSSH that can lead to a denial of service (DoS). The flaw is a heap out-of-bounds read during the cleanup of GSSAPI indicators when the auth-indicators array lacks its trailing NULL terminator. A remote attacker, in deployments where GSSAPI authentication is enabled in a Kerberos environment, could trigger the out-of-bounds read and crash or abort the SSH authentication path, affecting the availability of the SSH service. The Common Vulnerability Scoring System (CVSS) score is 3.7, indicating low severity. Red Hat has provided advisories and patches for affected products.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: LOW 3.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-25
Who should care
System administrators and security teams responsible for OpenSSH and Red Hat Enterprise Linux systems should be aware of this vulnerability. Although the CVSS score is low, the potential for denial of service makes it important to apply patches or mitigations. Red Hat Enterprise Linux 6, 7, 8, 9, and 10 are affected, as well as OpenSSH and Red Hat Hardened Images.
Technical summary
The vulnerability is a heap out-of-bounds read in OpenSSH during the cleanup of GSSAPI indicators. It occurs when the auth-indicators array is missing its trailing NULL terminator, so cleanup code that walks the array until it finds NULL reads past the end of the allocation. A remote attacker can trigger it only under specific configurations involving GSSAPI authentication and a Kerberos environment; the result is a crash or abort of the SSH authentication path, leading to a denial of service (DoS). The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L: network-reachable with high attack complexity (reflecting the configuration requirements), no privileges or user interaction, and a low availability impact only.
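To illustrate the bug class the summary describes, the following is an added C example, not OpenSSH code and not a reproduction of its internals; the `indicator_list` structure, the function names and the sample indicator strings are assumptions constructed for this page. It contrasts a sentinel-based walk, which runs past the buffer when the trailing NULL is absent, with a representation that carries an explicit count and a guard that verifies a terminator exists within the allocation before any sentinel walk is allowed to run.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical indicator list (assumption: not OpenSSH's data structure).
 * It carries an explicit count, so cleanup never has to search for a
 * trailing NULL, and it reserves one extra slot so the array is also
 * NULL-terminated for any code that still walks it sentinel-style. */
struct indicator_list {
    char **items;
    size_t count;
    size_t capacity;
};

static char *dup_string(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

struct indicator_list *indicators_new(size_t capacity) {
    struct indicator_list *l = calloc(1, sizeof *l);
    if (!l) return NULL;
    /* calloc zeroes every slot, so the array starts out terminated. */
    l->items = calloc(capacity + 1, sizeof *l->items);
    if (!l->items) { free(l); return NULL; }
    l->capacity = capacity;
    return l;
}

/* Append a copy of s. Refuses when full so the reserved terminator slot
 * is never overwritten. Returns 0 on success, -1 on failure. */
int indicators_add(struct indicator_list *l, const char *s) {
    if (l == NULL || l->count >= l->capacity) return -1;
    char *d = dup_string(s);
    if (!d) return -1;
    l->items[l->count++] = d;
    l->items[l->count] = NULL;   /* keep the sentinel in place */
    return 0;
}

/* Count-bounded cleanup: frees exactly count entries, no sentinel search. */
void indicators_free(struct indicator_list *l) {
    if (!l) return;
    for (size_t i = 0; i < l->count; i++) free(l->items[i]);
    free(l->items);
    free(l);
}

/* Guard for code that must still walk to a sentinel: returns the index of
 * the first NULL within `slots` entries, or -1 if none exists, which is the
 * condition under which a sentinel-based loop would read past the buffer. */
long terminator_index(char *const *items, size_t slots) {
    for (size_t i = 0; i < slots; i++)
        if (items[i] == NULL) return (long)i;
    return -1;
}

/* Demo 1: a capacity-2 list rejects a third entry and stays terminated. */
long demo_bounded_list(void) {
    struct indicator_list *l = indicators_new(2);
    if (!l) return -2;
    indicators_add(l, "indicator-a");   /* constructed sample values */
    indicators_add(l, "indicator-b");
    int third = indicators_add(l, "indicator-c");   /* -1: list is full */
    long idx = terminator_index(l->items, l->capacity + 1);
    long result = (third == -1 && l->count == 2) ? idx : -3;
    indicators_free(l);
    return result;   /* 2: the sentinel sits right after the two entries */
}

/* Demo 2: a constructed array with no NULL at all is flagged before any
 * sentinel walk could run off the end of it. */
long demo_unterminated_array(void) {
    char *bad[2] = { "indicator-x", "indicator-y" };   /* no terminator */
    return terminator_index(bad, 2);   /* -1 */
}

int main(void) {
    printf("bounded list terminator index: %ld\n", demo_bounded_list());
    printf("unterminated array check: %ld\n", demo_unterminated_array());
    return 0;
}
```

The defensive point is that a sentinel is a convention the writer of the array must uphold and the reader cannot verify without a bound; carrying the count (or checking for the terminator within a known capacity, as `terminator_index` does) turns a silent out-of-bounds read into a checked condition.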
Defensive priority
Apply patches or mitigations provided by Red Hat for affected products. Monitor SSH service logs for potential exploitation attempts.
Recommended defensive actions
- Apply patches or updates provided by Red Hat for OpenSSH and affected Red Hat Enterprise Linux versions.
- Implement network monitoring on SSH endpoints to detect potential exploitation attempts, particularly repeated GSSAPI authentication failures followed by sshd crashes.
- Review and update SSH configurations to limit exposure to GSSAPI authentication and Kerberos environments.
- Consider implementing compensating controls, such as rate limiting or IP blocking, to mitigate potential attacks.
- Monitor system logs for signs of exploitation or crashes related to SSH.
Evidence notes
The CVE-2026-55654 vulnerability was publicly disclosed on June 23, 2026, and last modified on June 25, 2026. The vulnerability affects OpenSSH and multiple versions of Red Hat Enterprise Linux. Red Hat has provided advisories and patches for affected products. The CVSS score for this vulnerability is 3.7, indicating a low severity.
Official resources
- CVE-2026-55654 CVE record (CVE.org)
- CVE-2026-55654 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Exploit, Issue Tracking, Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.