CVE-2026-3497 | OpenSSH on Ubuntu GSSAPI Message sshpkt_disconnect uninitialized resource

A vulnerability was found in OpenSSH up to 18.9p1-3ubuntu0.13/19.6p1-3ubuntu13.14/110.0p1-5ubuntu5.0 on Ubuntu. It has been rated as critical. This vulnerability affects the function sshpkt_disconnect of the component GSSAPI Message Handler. This manipulation causes uninitialized resource.

The identification of this vulnerability is CVE-2026-3497. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More