Known Vulnerabilities for products from Openbsd
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openbsd".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41285 json | In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discover... | Not Provided | 2026-04-21 | 2026-04-24 |
| CVE-2026-35414 json | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in con... | Not Provided | 2026-04-02 | 2026-04-10 |
| CVE-2026-35388 json | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | Not Provided | 2026-04-02 | 2026-04-27 |
| CVE-2026-35387 json | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or Hostba... | Not Provided | 2026-04-02 | 2026-04-27 |
| CVE-2026-35386 json | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requir... | Not Provided | 2026-04-02 | 2026-04-27 |
| CVE-2026-35385 json | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expect... | Not Provided | 2026-04-02 | 2026-04-27 |
| CVE-2026-33306 json | Not Provided | 2026-03-24 | 2026-03-24 | |
| CVE-2025-26465 json | A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be perfo... | Not Provided | 2025-02-18 | 2026-05-12 |
| CVE-2023-51385 json | In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this... | Not Provided | 2023-12-18 | 2026-05-12 |
| CVE-2023-51384 json | In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints... | Not Provided | 2023-12-18 | 2026-05-12 |
| CVE-2023-48795 json | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote att... | Not Provided | 2023-12-18 | 2026-05-12 |
| CVE-2023-40216 json | OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incor... | 5.5 - MEDIUM | 2023-08-10 | 2023-08-23 |
| CVE-2023-38408 json | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote cod... | 9.8 - CRITICAL | 2023-07-20 | 2023-11-07 |
| CVE-2023-38283 json | In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote... | 5.3 - MEDIUM | 2023-08-29 | 2023-09-07 |
| CVE-2023-35784 json | A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and i... | 9.8 - CRITICAL | 2023-06-16 | 2023-11-06 |
| CVE-2023-29323 json | ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-... | 7.8 - HIGH | 2023-04-04 | 2023-05-26 |
| CVE-2023-28531 json | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earl... | Not Provided | 2023-03-17 | 2026-05-12 |
| CVE-2023-27567 json | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | 7.5 - HIGH | 2023-03-03 | 2023-04-06 |
| CVE-2022-48437 json | An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx... | 5.3 - MEDIUM | 2023-04-12 | 2023-04-21 |
| CVE-2022-27882 json | slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow trig... | 7.5 - HIGH | 2022-03-25 | 2022-05-12 |