CVE-2026-46595
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
CVE-2026-46595 is a vulnerability in SSH server that bypasses source-address validation when callbacks other than public key are used. The fix for CVE-2024-45337 was incomplete, allowing attackers to bypass authorization.
Risk Assessment
The organization faces risk of unauthorized access to SSH servers, potentially leading to system compromise and data breaches.
Recommendation
Immediately update the SSH server to a patched version addressing CVE-2026-46595 and review callback configurations to use only public key methods.
Original NVD description (English source)
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

