Protection mechanism failure in OpenSSH - CVE-2026-60001
Published: July 15, 2026
OpenSSH
Detailed vulnerability description
The vulnerability allows a remote attacker to weaken authentication rate limiting.
The vulnerability exists due to improper enforcement of security policy in sshd(8) when handling authentication attempts. A remote attacker can send authentication attempts to weaken authentication rate limiting.
The issue affects cases where the minimum authentication delay was not enforced.