CVE-2026-55655

🔶 medium

Summary

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.

CVSS Score

5.0

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2026-06-23

First Seen: 2026-06-25

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.2% of all 330,193 vulnerabilities in our database.

#266,649

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jun 23, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-25

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CWE IDs (Weakness Types)

CWE-923

📦 Affected Products 6

Vendor	Product	Status	Affected Versions
openbsd	openssh	Affected	v-
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-55655

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2462250

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-55653	🔶 medium	4.3	0.2	A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group ...	2026-06-23
CVE-2026-55654	ℹ️ low	3.7	0.3	A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic...	2026-06-23
CVE-2026-11791	🔶 medium	5.0	0.3	A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees...	2026-06-18
CVE-2026-1764	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf...	2026-06-16
CVE-2026-1766	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke...	2026-06-16
CVE-2026-1767	🔶 medium	5.6	0.2	A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo...	2026-06-16

These CVEs affect the same products