7.5
CVE-2026-59999
- EPSS 0.13%
- Veröffentlicht 08.07.2026 00:13:08
- Zuletzt bearbeitet 09.07.2026 16:52:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In sshd in OpenSSH before 10.4, DisableForwarding=yes was supposed to take precedence over PermitTunnel=yes, but did not.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.031 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| cve@mitre.org | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
CWE-348 Use of Less Trusted Source
The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
https://www.openwall.com/lists/oss-security/2026/07/06/5
https://marc.info/?l=openssh-unix-dev&m=178333966933090&w=2
https://www.openssh.org/releasenotes.html#10.4p1