CVE-2026-60002

Summary

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. (This outcome occurs only on the client side.)

Affected Software

VendorProductVersion RangeStatus
OpenBSDOpenSSH0 < 10.4affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

References