<ul><li>Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.</li><li>The first vulnerability (CVE-2025-26465) enables an attacker to conduct an active MitM attack when the VerifyHostKeyDNS option is enabled.</li><li>The second vulnerability (CVE-2025-26466) affects both the OpenSSH client and server, allowing a pre-authentication DoS attack.</li><li>These vulnerabilities have been fixed in OpenSSH 9.9p2, released by OpenSSH maintainers.</li></ul>

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Discover more