CLEANSTART-2026-WE92783

CLEANSTART-2026-WE92783 PUBLISHED CVSS 9.800000190734863 CRITICAL

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
CleanStart	argo-workflows-fips	0, 0

Timeline

Jan 30, 2026 CVE Published
Mar 9, 2026 CVE Updated

References

https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WE92783.json advisory
https://osv.dev/vulnerability/CVE-2025-47914 url
https://osv.dev/vulnerability/CVE-2025-58181 url
https://nvd.nist.gov/vuln/detail/CVE-2025-47914 url
https://nvd.nist.gov/vuln/detail/CVE-2025-58181 url
https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WE92783 advisory

Open in Interactive Console →