CVE-2026-0966

CVE-2026-0966

The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.

Published Feb 27, 2026

https://access.redhat.com/security/cve/cve-2026-0966

CVSS ScoreMedium

6.5

Vulnerabilities

CVE-2026-0966

Published Feb 27, 2026

https://access.redhat.com/security/cve/cve-2026-0966

CVSS ScoreMedium

6.5

CVE-2026-0966 Security Details

CVE ID: CVE-2026-0966
CWE: CWE-124
CVE Description: The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.
Published: Feb 27, 2026
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score: 0.103%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://access.redhat.com/security/cve/cve-2026-0966THIRD_PARTY

CVE-2026-0966 Security Details

CVE ID: CVE-2026-0966
CWE: CWE-124
CVE Description: The API function `ssh_get_hexa()` is vulnerable, when 0-lenght input is provided to this function. This function is used internally in `ssh_get_fingerprint_hash()` and `ssh_print_hexa()` (deprecated), which is vulnerable to the same input (length is provided by the calling application). The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.
Published: Feb 27, 2026
CVSS Score & Severity: 6.5Medium
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score: 0.103%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://access.redhat.com/security/cve/cve-2026-0966THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2026-0966

CVE-2026-0966 Security Details

CVE-2026-0966 Security Details