OpenSSH · OpenSSH · CVE-2025-26466
**Name of the Vulnerable Software and Affected Versions**
OpenSSH versions 9.5p1 through 9.9p1
**Description**
OpenSSH 9.5p1 through 9.9p1 contain an uncontrolled resource consumption flaw that a remote attacker can use to cause a denial of service through memory exhaustion and CPU consumption. The flaw is in the handling of SSH2_MSG_PING packets: every ping received queues an SSH2_MSG_PONG reply, and a peer that sends pings faster than the replies can be flushed drives the process's memory use and CPU time up without bound. The ping/pong mechanism was introduced in August 2023 and first shipped in 9.5p1; both sshd and the ssh client process these packets, so both are affected, and the attack works before authentication, so no credentials are required.
**Recommendations**
For OpenSSH versions 9.5p1 through 9.9p1, upgrade to OpenSSH 9.9p2 or later immediately. Check your distribution's package changelog as well: vendors often backport the fix without changing the upstream version string, so a version number alone does not prove a host is vulnerable or patched.
Review sshd and ssh client configurations so that the hardening settings you rely on are actually in effect; `sshd -T` prints the effective server configuration after all Match blocks and defaults are applied.
As a temporary workaround on servers, make sure the existing connection-limiting mechanisms are active: LoginGraceTime, MaxStartups and, on OpenSSH 9.8 and later, PerSourcePenalties (enabled by default there; the option does not exist in 9.5p1 through 9.7p1). These are sshd_config settings and do nothing for the ssh client; the only client-side mitigation short of upgrading is to avoid connecting to untrusted or unknown servers.