openbsd

Top products

The 15 most recently published vulnerabilities affecting openbsd.

• CVE-2026-56099OpenBSD mpls_do_error Kernel Stack Memory Disclosure via MPLS Input5.3Jun 18, 2026
• CVE-2026-55706sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.5.8Jun 17, 2026
• CVE-2026-41285In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd...4.3Apr 20, 2026
• CVE-2026-35414OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma ch...4.2Apr 2, 2026
• CVE-2026-35388OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.2.5Apr 2, 2026
• CVE-2026-35387OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.3.1Apr 2, 2026
• CVE-2026-35386In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and a...3.6Apr 2, 2026
• CVE-2026-35385In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protoco...7.5Apr 2, 2026
• CVE-2026-3497Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH...7.5Mar 12, 2026
• CVE-2025-61984ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untr...3.6Oct 6, 2025
• CVE-2025-61985ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.3.6Oct 6, 2025
• CVE-2025-32728In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.4.3Apr 10, 2025
• CVE-2025-30334OpenBSD wg(4) kernel crash6.5Mar 20, 2025
• CVE-2025-26466Openssh: denial-of-service in openssh5.9Feb 28, 2025
• CVE-2025-26465Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled6.8Feb 18, 2025