ON July 6, OpenSSH 10.4 was released, addressing eight security vulnerabilities, with the most critical being CVE-2026-60002, a client-side use-after-free issue rated at 7.7. Other vulnerabilities involve risks during file transfers and weak server security defaults. These flaws could allow attackers to manipulate server-client interactions, affecting a large number of users since OpenSSH is widely utilized for secure shell (SSH) communication.
Administrators are urged to upgrade to version 10.4 to mitigate these risks and review their SSH configurations. As of now, there have been no reported exploits in the wild.