Packages
- openssh - secure shell (SSH) for secure access to remote machines
Details
It was discovered that OpenSSH sftp did not properly constrain the location
of downloaded files when connecting to an attacker-controlled server. An
attacker could possibly use this issue to write files to unintended
locations on the file system. (CVE-2026-59995)
It was discovered that OpenSSH scp could place files in the parent
directory of the intended destination when copying between two remote
hosts. An attacker could possibly use this issue to write files to
unintended locations. (CVE-2026-59996)
It was discovered that OpenSSH internal-sftp only recognized the first nine
command-line arguments, This could result in certain security-sensitive
arguments being ignored, contrary to expectations. (CVE-2026-59997)
It was discovered that OpenSSH had undocumented behaviour regarding...
It was discovered that OpenSSH sftp did not properly constrain the location
of downloaded files when connecting to an attacker-controlled server. An
attacker could possibly use this issue to write files to unintended
locations on the file system. (CVE-2026-59995)
It was discovered that OpenSSH scp could place files in the parent
directory of the intended destination when copying between two remote
hosts. An attacker could possibly use this issue to write files to
unintended locations. (CVE-2026-59996)
It was discovered that OpenSSH internal-sftp only recognized the first nine
command-line arguments, This could result in certain security-sensitive
arguments being ignored, contrary to expectations. (CVE-2026-59997)
It was discovered that OpenSSH had undocumented behaviour regarding the
GSSAPIStrictAcceptorCheck option in environments using Windows Active
Directory. The documentation has been updated to clarify use of the option.
(CVE-2026-59998)
It was discovered that OpenSSH did not properly enforce precedence of
DisableForwarding=yes over PermitTunnel=yes in server configurations. This
could possibly result in intended network forwarding restrictions being
bypassed, contrary to expectations. (CVE-2026-59999)
It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI
authentication. A remote attacker could use this issue to perform excessive
authentication attempts. (CVE-2026-60000)
It was discovered that OpenSSH did not always honour the minimum
authentication delay. An attacker could possibly use this issue to perform
brute-force attacks more efficiently. (CVE-2026-60001)
It was discovered that the OpenSSH client had a use-after-free
vulnerability when a server changed its host key during a key re-exchange.
An attacker able to intercept communications could possibly use this issue
to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | openssh-client – 1:10.2p1-2ubuntu3.4 | ||
| openssh-server – 1:10.2p1-2ubuntu3.4 | |||
| 24.04 LTS noble | openssh-client – 1:9.6p1-3ubuntu13.18 | ||
| openssh-server – 1:9.6p1-3ubuntu13.18 | |||
| 22.04 LTS jammy | openssh-client – 1:8.9p1-3ubuntu0.16 | ||
| openssh-server – 1:8.9p1-3ubuntu0.16 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.