CVE-2026-59998

Summary

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.

Affected Software

VendorProductVersion RangeStatus
OpenBSDOpenSSH0 < 10.4affected

Weaknesses

  • CWE-573: CWE-573 Improper Following of Specification by Caller

References