This is nice to know. OpenSSH is an important tool for network admins and security admins. To have problems with it is really an issue for access, very secure access for administering the systems, networks, machines and edge devices.

Rothbardian_fanatic

security

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released.

Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow miscreants to perform machine-in-the-middle (MitM) attacks on the OpenSSH client and pre-authentication denial-of-service (DoS) attacks.

Patches for CVE-2025-26465 and CVE-2025-26466 were released this morning. Although their respective severity scores (6.8 and 5.9) don't necessarily scream "patch me right away" – it certainly doesn't seem as bad as last year's regreSSHion issue – they're both likely to raise some degree of concern given the tool's prominence.