CVE Catalog

CVE-2026-46595

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

CVE-2026-46595 is a vulnerability in SSH server that bypasses source-address validation when callbacks other than public key are used. The fix for CVE-2024-45337 was incomplete, allowing attackers to bypass authorization.

Risk Assessment

The organization faces risk of unauthorized access to SSH servers, potentially leading to system compromise and data breaches.

Recommendation

Immediately update the SSH server to a patched version addressing CVE-2026-46595 and review callback configurations to use only public key methods.

Original NVD description (English source)

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS