VDB
CLEANSTART-2026-WA03785
CLEANSTART-2026-WA03785
PUBLISHED
CVSS 9.800000190734863 CRITICAL
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CleanStart | argo-workflows-fips | 0, 0 |
Timeline
- Jan 30, 2026 CVE Published
- Mar 9, 2026 CVE Updated
References
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WA03785.json advisory
- https://osv.dev/vulnerability/CVE-2025-0913 url
- https://osv.dev/vulnerability/CVE-2025-4673 url
- https://osv.dev/vulnerability/CVE-2025-47907 url
- https://osv.dev/vulnerability/CVE-2025-47914 url
- https://osv.dev/vulnerability/CVE-2025-58181 url
- https://osv.dev/vulnerability/CVE-2025-62156 url
- https://osv.dev/vulnerability/CVE-2025-62157 url
- https://osv.dev/vulnerability/GHSA-c2hv-4pfj-mm2r url
- https://osv.dev/vulnerability/GHSA-cfpf-hrx2-8rv6 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-0913 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-4673 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-47907 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-47914 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-58181 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-62156 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-62157 url
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WA03785 advisory
- https://osv.dev/vulnerability/GHSA-C2HV-4PFJ-MM2R url
- https://osv.dev/vulnerability/GHSA-CFPF-HRX2-8RV6 url