VDB
CLEANSTART-2026-SO95938
CLEANSTART-2026-SO95938
PUBLISHED
CVSS 9.800000190734863 CRITICAL
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CleanStart | argo-workflows-fips | 0, 0 |
Timeline
- Jan 30, 2026 CVE Published
- Mar 9, 2026 CVE Updated
References
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SO95938.json advisory
- https://osv.dev/vulnerability/CVE-2025-0913 url
- https://osv.dev/vulnerability/CVE-2025-4673 url
- https://osv.dev/vulnerability/CVE-2025-47907 url
- https://osv.dev/vulnerability/CVE-2025-58181 url
- https://osv.dev/vulnerability/CVE-2025-62156 url
- https://osv.dev/vulnerability/CVE-2025-62157 url
- https://osv.dev/vulnerability/GHSA-c2hv-4pfj-mm2r url
- https://osv.dev/vulnerability/GHSA-p84v-gxvw-73pf url
- https://nvd.nist.gov/vuln/detail/CVE-2025-0913 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-4673 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-47907 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-58181 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-62156 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-62157 url
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SO95938 advisory
- https://osv.dev/vulnerability/GHSA-C2HV-4PFJ-MM2R url
- https://osv.dev/vulnerability/GHSA-P84V-GXVW-73PF url