USN-8533-1

Source
https://ubuntu.com/security/notices/USN-8533-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8533-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-8533-1
Upstream
Related
Published
2026-07-13T13:07:08Z
Modified
2026-07-13T20:44:21.689920853Z
Summary
openssh vulnerabilities
Details

It was discovered that OpenSSH sftp did not properly constrain the location of downloaded files when connecting to an attacker-controlled server. An attacker could possibly use this issue to write files to unintended locations on the file system. (CVE-2026-59995)

It was discovered that OpenSSH scp could place files in the parent directory of the intended destination when copying between two remote hosts. An attacker could possibly use this issue to write files to unintended locations. (CVE-2026-59996)

It was discovered that OpenSSH internal-sftp only recognized the first nine command-line arguments, This could result in certain security-sensitive arguments being ignored, contrary to expectations. (CVE-2026-59997)

It was discovered that OpenSSH had undocumented behaviour regarding the GSSAPIStrictAcceptorCheck option in environments using Windows Active Directory. The documentation has been updated to clarify use of the option. (CVE-2026-59998)

It was discovered that OpenSSH did not properly enforce precedence of DisableForwarding=yes over PermitTunnel=yes in server configurations. This could possibly result in intended network forwarding restrictions being bypassed, contrary to expectations. (CVE-2026-59999)

It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI authentication. A remote attacker could use this issue to perform excessive authentication attempts. (CVE-2026-60000)

It was discovered that OpenSSH did not always honour the minimum authentication delay. An attacker could possibly use this issue to perform brute-force attacks more efficiently. (CVE-2026-60001)

It was discovered that the OpenSSH client had a use-after-free vulnerability when a server changed its host key during a key re-exchange. An attacker able to intercept communications could possibly use this issue to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)

References

Affected packages

Ubuntu:22.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:8.9p1-3ubuntu0.16

Affected versions

1:8.*
1:8.4p1-6ubuntu2
1:8.7p1-2
1:8.7p1-2build1
1:8.7p1-4
1:8.8p1-1
1:8.9p1-3
1:8.9p1-3ubuntu0.1
1:8.9p1-3ubuntu0.3
1:8.9p1-3ubuntu0.4
1:8.9p1-3ubuntu0.5
1:8.9p1-3ubuntu0.6
1:8.9p1-3ubuntu0.7
1:8.9p1-3ubuntu0.10
1:8.9p1-3ubuntu0.11
1:8.9p1-3ubuntu0.13
1:8.9p1-3ubuntu0.14
1:8.9p1-3ubuntu0.15

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "openssh-tests"
        },
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:8.9p1-3ubuntu0.16",
            "binary_name": "ssh-askpass-gnome"
        }
    ]
}

Database specific

cves_map
{
    "ecosystem": "Ubuntu:22.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-59995"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-59996"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59997"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59998"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59999"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-60000"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-60001"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-60002"
        }
    ]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8533-1.json"

Ubuntu:24.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:9.6p1-3ubuntu13.18

Affected versions

1:9.*
1:9.3p1-1ubuntu3
1:9.4p1-1ubuntu1
1:9.6p1-3ubuntu1
1:9.6p1-3ubuntu2
1:9.6p1-3ubuntu11
1:9.6p1-3ubuntu12
1:9.6p1-3ubuntu13
1:9.6p1-3ubuntu13.3
1:9.6p1-3ubuntu13.4
1:9.6p1-3ubuntu13.5
1:9.6p1-3ubuntu13.7
1:9.6p1-3ubuntu13.8
1:9.6p1-3ubuntu13.9
1:9.6p1-3ubuntu13.11
1:9.6p1-3ubuntu13.12
1:9.6p1-3ubuntu13.13
1:9.6p1-3ubuntu13.14
1:9.6p1-3ubuntu13.15
1:9.6p1-3ubuntu13.16

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "openssh-tests"
        },
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:9.6p1-3ubuntu13.18",
            "binary_name": "ssh-askpass-gnome"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map
{
    "ecosystem": "Ubuntu:24.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-59995"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59996"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59997"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-59998"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59999"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-60000"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-60001"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-60002"
        }
    ]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8533-1.json"

Ubuntu:26.04:LTS / openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:10.2p1-2ubuntu3.4

Affected versions

1:10.*
1:10.0p1-5ubuntu5
1:10.2p1-2ubuntu1
1:10.2p1-2ubuntu3
1:10.2p1-2ubuntu3.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-client"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-client-gssapi"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-server"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-server-gssapi"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-sftp-server"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "openssh-tests"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "ssh"
        },
        {
            "binary_version": "1:10.2p1-2ubuntu3.4",
            "binary_name": "ssh-askpass-gnome"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map
{
    "ecosystem": "Ubuntu:26.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59995"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-59996"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59997"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59998"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-59999"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2026-60000"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-60001"
        },
        {
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ],
            "id": "CVE-2026-60002"
        }
    ]
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8533-1.json"