High7.7Red Hat & Ubuntu Linux Updated
Use-after-free vulnerability during host key re-exchange on the client side
CVE-2026-60002 Published Jul 8, 2026Updated by vendor Jul 8, 2026
CVE-2026-60002
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Use-after-free vulnerability during host key re-exchange on the client side. Red Hat rates this important (CVSS 7.7). Weakness: CWE-825. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- To mitigate this issue, OpenSSH clients should only connect to trusted SSH servers. Enforcing strict host key checking and carefully managing `known_hosts` files can help prevent connections to servers with unexpected or altered host keys, thereby reducing exposure to this client-side vulnerability.
Official advisory · high-confidence parse· fetched 47 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.