OpenSSH Crash or Code Execution from Malicious Usernames
USN-8090-1
Summary
OpenSSH has two security issues that could allow an attacker to crash the service or execute malicious code on a server. This could happen if an attacker sends a specially crafted username or uses a malicious URL to connect to the server. To fix this, update to the latest version of OpenSSH.
What to do
- Update canonical openssh to version 1:8.9p1-3ubuntu0.14.
- Update canonical openssh to version 1:9.6p1-3ubuntu13.15.
- Update canonical openssh to version 1:10.0p1-5ubuntu5.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| canonical | openssh | <= 1:8.9p1-3ubuntu0.14 | 1:8.9p1-3ubuntu0.14 |
| canonical | openssh | <= 1:9.6p1-3ubuntu13.15 | 1:9.6p1-3ubuntu13.15 |
| canonical | openssh | <= 1:10.0p1-5ubuntu5.1 | 1:10.0p1-5ubuntu5.1 |
Original title
openssh vulnerabilities
Original description
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly
handled disconnecting clients. In non-default configurations where the
GSSAPIKeyExchange setting is enabled, a remote attacker could use this
issue to cause OpenSSH to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-3497)

David Leadbeater discovered that OpenSSH incorrectly handled certain
control characters in usernames. When untrusted usernames and the
ProxyCommand are being used, an attacker could possibly use this issue to
execute arbitrary code. (CVE-2025-61984)

David Leadbeater discovered that OpenSSH incorrectly handled NULL
characters in ssh:// URIs. When the ProxyCommand is being used, an attacker
could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
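To check a host against the conditions described above, the following added example (not part of the advisory or of OpenSSH) reports whether GSSAPIKeyExchange is enabled, lists ProxyCommand directives, and compares the installed package against the fixed versions listed on this page. The function names, the sample configurations and the binary package name openssh-server are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the advisory): check the preconditions named in USN-8090-1.

# Fixed package version for an installed version's series, taken from the advisory.
fixed_for() {
    case "$1" in
        1:8.9p1-*)  echo "1:8.9p1-3ubuntu0.14" ;;
        1:9.6p1-*)  echo "1:9.6p1-3ubuntu13.15" ;;
        1:10.0p1-*) echo "1:10.0p1-5ubuntu5.1" ;;
        *) return 1 ;;   # series not listed in the advisory
    esac
}

# Effective GSSAPIKeyExchange value from sshd configuration text on stdin.
# Keywords are case-insensitive and the first value read wins; absent means "no".
gss_kex_value() {
    awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        tolower($1) == "gssapikeyexchange" { print tolower($2); seen = 1; exit }
        END { if (!seen) print "no" }'
}

# ProxyCommand directives other than "none" in ssh_config text on stdin, with line numbers.
proxy_commands() {
    awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        tolower($1) == "proxycommand" && tolower($2) != "none" { print NR ": " $0 }'
}

# Constructed sample configurations (not taken from any real host).
SAMPLE_SSHD='# sample sshd_config
PasswordAuthentication no
GSSAPIAuthentication yes
gssapikeyexchange YES'
SAMPLE_SSH='Host *.internal
    ProxyCommand ssh -W %h:%p jump.example.org
Host direct
    ProxyCommand none'

echo "GSSAPIKeyExchange: $(printf '%s\n' "$SAMPLE_SSHD" | gss_kex_value)"
printf '%s\n' "$SAMPLE_SSH" | proxy_commands

# On a real host: compare the installed version against the advisory's fix.
if command -v dpkg-query >/dev/null 2>&1; then
    v=$(dpkg-query -W -f='${Version}' openssh-server 2>/dev/null) || v=""
    if fixed=$(fixed_for "$v") && dpkg --compare-versions "$v" lt "$fixed"; then
        echo "openssh-server $v is older than $fixed: update"
    fi
fi
```

On a real system, feed the functions actual files, for example `gss_kex_value < /etc/ssh/sshd_config` and `proxy_commands < ~/.ssh/config`. Include directives and Match blocks are not resolved, so review those separately.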
- https://ubuntu.com/security/notices/USN-8090-1 Vendor Advisory
- https://ubuntu.com/security/CVE-2025-61984 Third Party Advisory
- https://ubuntu.com/security/CVE-2025-61985 Third Party Advisory
- https://ubuntu.com/security/CVE-2026-3497 Third Party Advisory
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026