securityonline.info 7/8/2026, 5:09:26 PM · external

OpenSSH 10.4 fixes critical CVE-2026-60002 and other bugs

OpenSSH 10.4 fixes critical CVE-2026-60002 and other bugs
CyberSIXT Evidence Panel
Primary Source openssh.org
CISA KEV Not in KEV
Patch Patch Status Unknown

ON July 6, OpenSSH 10.4 was released, addressing eight security vulnerabilities, with the most critical being CVE-2026-60002, a client-side use-after-free issue rated at 7.7. Other vulnerabilities involve risks during file transfers and weak server security defaults. These flaws could allow attackers to manipulate server-client interactions, affecting a large number of users since OpenSSH is widely utilized for secure shell (SSH) communication.

Administrators are urged to upgrade to version 10.4 to mitigate these risks and review their SSH configurations. As of now, there have been no reported exploits in the wild.

View Primary Source Via securityonline.info

Article by CyberSIXT