Resource management error in openssh-server (Ubuntu package) - CVE-2026-3497

 

Published: March 13, 2026


Vulnerability identifier: #VU124014
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-3497
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Canonical Ltd.
Affected software:
openssh-server (Ubuntu package)

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of disconnecting clients in OpenSSH GSSAPI Key Exchange when the GSSAPIKeyExchange setting is enabled. An authenticated user can crash the OpenSSH server or potentially execute arbitrary code.


How to mitigate CVE-2026-3497

Install updates from the vendor's website.
