Zero Day MonitorZDM

← Back to list

4.3

CVE-2026-55653

red hat · red hat enterprise linux

Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

Description

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS).

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	openssh	cert_advisory	90%

References

https://access.redhat.com/security/cve/CVE-2026-55653(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2462351(issue-tracking, x_refsource_REDHAT)

Related News (3 articles)

Tier A

Microsoft MSRC4h ago

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

→ No new info (linked only)

Tier B

BSI Advisories5d ago

[NEU] [mittel] OpenSSH: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB5d ago

CVE-2026-55653 | OpenSSH Diffie-Hellman Group Exchange double free

→ No new info (linked only)

CVSS 3.14.3 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-415

PublishedJun 23, 2026

Last enriched5d agov2

Trending Score35

Source articles3

Independent3

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-9800EXP

Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

NONECVE-2026-9086EXP

Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

NONECVE-2026-9083EXP

Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

NONECVE-2026-55655

Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

CRITICALCVE-2026-12992EXP

Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 23, 2026

Discovered by ZDM

Jun 23, 2026

Updated: description

Jun 23, 2026

Version History

v2

Last enriched 5d ago

v2Tier C5d ago

Updated description with additional details and confirmed no exploit is available.

description

via VulDB

v15d ago

Initial creation