UBUNTU-CVE-2026-55655

Source
https://ubuntu.com/security/CVE-2026-55655
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-55655
Upstream
  • CVE-2026-55655
Published
2026-06-23T04:17:00Z
Modified
2026-06-29T13:56:54.626376326Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session.

References

Affected packages

Ubuntu:18.04:LTS
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-8
1:7.5p1-9
1:7.5p1-9build1
1:7.5p1-10

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-10"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:20.04:LTS
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-11build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-11build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:22.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.4p1-6ubuntu2
1:8.7p1-2
1:8.7p1-2build1
1:8.7p1-4
1:8.8p1-1
1:8.9p1-3
1:8.9p1-3ubuntu0.1
1:8.9p1-3ubuntu0.3
1:8.9p1-3ubuntu0.4
1:8.9p1-3ubuntu0.5
1:8.9p1-3ubuntu0.6
1:8.9p1-3ubuntu0.7
1:8.9p1-3ubuntu0.10
1:8.9p1-3ubuntu0.11
1:8.9p1-3ubuntu0.13
1:8.9p1-3ubuntu0.14
1:8.9p1-3ubuntu0.15

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.9p1-3ubuntu0.15"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-12
1:7.5p1-12build1
1:7.5p1-13

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-13"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:24.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*
1:9.3p1-1ubuntu3
1:9.4p1-1ubuntu1
1:9.6p1-3ubuntu1
1:9.6p1-3ubuntu2
1:9.6p1-3ubuntu11
1:9.6p1-3ubuntu12
1:9.6p1-3ubuntu13
1:9.6p1-3ubuntu13.3
1:9.6p1-3ubuntu13.4
1:9.6p1-3ubuntu13.5
1:9.6p1-3ubuntu13.7
1:9.6p1-3ubuntu13.8
1:9.6p1-3ubuntu13.9
1:9.6p1-3ubuntu13.11
1:9.6p1-3ubuntu13.12
1:9.6p1-3ubuntu13.13
1:9.6p1-3ubuntu13.14
1:9.6p1-3ubuntu13.15
1:9.6p1-3ubuntu13.16

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:9.6p1-3ubuntu13.16"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-14
1:7.5p1-15
1:7.5p1-15build1
1:7.5p1-16

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-16"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:25.10
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*
1:9.9p1-3ubuntu3
1:9.9p1-3ubuntu3.1
1:10.*
1:10.0p1-5ubuntu2
1:10.0p1-5ubuntu3
1:10.0p1-5ubuntu4
1:10.0p1-5ubuntu5
1:10.0p1-5ubuntu5.1
1:10.0p1-5ubuntu5.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "openssh-client-gssapi",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "openssh-server-gssapi",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:10.0p1-5ubuntu5.4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-17

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-17"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:26.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:10.*
1:10.0p1-5ubuntu5
1:10.2p1-2ubuntu1
1:10.2p1-2ubuntu3
1:10.2p1-2ubuntu3.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "openssh-client-gssapi",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "openssh-server-gssapi",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:10.2p1-2ubuntu3.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
openssh-ssh1

Package

Name
openssh-ssh1
Purl
pkg:deb/ubuntu/openssh-ssh1?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-17
1:7.5p1-18

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.5p1-18"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:14.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*
1:6.2p2-6
1:6.2p2-6ubuntu1
1:6.4p1-1
1:6.4p1-2
1:6.5p1-1
1:6.5p1-2
1:6.5p1-3
1:6.5p1-4
1:6.5p1-6
1:6.6p1-1
1:6.6p1-2
1:6.6p1-2ubuntu1
1:6.6p1-2ubuntu2
1:6.6p1-2ubuntu2.2
1:6.6p1-2ubuntu2.3
1:6.6p1-2ubuntu2.4
1:6.6p1-2ubuntu2.6
1:6.6p1-2ubuntu2.7
1:6.6p1-2ubuntu2.8
1:6.6p1-2ubuntu2.10
1:6.6p1-2ubuntu2.11
1:6.6p1-2ubuntu2.12
1:6.6p1-2ubuntu2.13
1:6.6p1-2ubuntu2.13+esm1
1:6.6p1-2ubuntu2.13+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        },
        {
            "binary_name": "ssh-krb5",
            "binary_version": "1:6.6p1-2ubuntu2.13+esm2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:16.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:6.*
1:6.9p1-2
1:6.9p1-3
1:7.*
1:7.1p1-1
1:7.1p1-3
1:7.1p1-4
1:7.1p1-6
1:7.1p2-1
1:7.1p2-2
1:7.2p1-1
1:7.2p2-1
1:7.2p2-2
1:7.2p2-3
1:7.2p2-4
1:7.2p2-4ubuntu1
1:7.2p2-4ubuntu2.1
1:7.2p2-4ubuntu2.2
1:7.2p2-4ubuntu2.4
1:7.2p2-4ubuntu2.5
1:7.2p2-4ubuntu2.6
1:7.2p2-4ubuntu2.7
1:7.2p2-4ubuntu2.8
1:7.2p2-4ubuntu2.10
1:7.2p2-4ubuntu2.10+esm1
1:7.2p2-4ubuntu2.10+esm2
1:7.2p2-4ubuntu2.10+esm3
1:7.2p2-4ubuntu2.10+esm4
1:7.2p2-4ubuntu2.10+esm5
1:7.2p2-4ubuntu2.10+esm6
1:7.2p2-4ubuntu2.10+esm7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        },
        {
            "binary_name": "ssh-krb5",
            "binary_version": "1:7.2p2-4ubuntu2.10+esm7"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:18.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.5p1-10
1:7.6p1-4
1:7.6p1-4ubuntu0.1
1:7.6p1-4ubuntu0.2
1:7.6p1-4ubuntu0.3
1:7.6p1-4ubuntu0.5
1:7.6p1-4ubuntu0.6
1:7.6p1-4ubuntu0.7
1:7.6p1-4ubuntu0.7+esm1
1:7.6p1-4ubuntu0.7+esm2
1:7.6p1-4ubuntu0.7+esm3
1:7.6p1-4ubuntu0.7+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.6p1-4ubuntu0.7+esm4"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.6p1-4ubuntu0.7+esm4"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.6p1-4ubuntu0.7+esm4"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.6p1-4ubuntu0.7+esm4"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.6p1-4ubuntu0.7+esm4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:20.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=esm-infra%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.0p1-6build1
1:8.1p1-1
1:8.1p1-5
1:8.2p1-4
1:8.2p1-4ubuntu0.1
1:8.2p1-4ubuntu0.2
1:8.2p1-4ubuntu0.3
1:8.2p1-4ubuntu0.4
1:8.2p1-4ubuntu0.5
1:8.2p1-4ubuntu0.7
1:8.2p1-4ubuntu0.8
1:8.2p1-4ubuntu0.9
1:8.2p1-4ubuntu0.10
1:8.2p1-4ubuntu0.11
1:8.2p1-4ubuntu0.12
1:8.2p1-4ubuntu0.13
1:8.2p1-4ubuntu0.13+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.2p1-4ubuntu0.13+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS-preview:22.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-preview%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.9p1-3ubuntu0.4+Fips1
1:8.9p1-3ubuntu0.4+Fips3
1:8.9p1-3ubuntu1.fips.0~ppa3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS-updates:18.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-updates%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.9p1-10~ubuntu18.04.fips.0.1
1:7.9p1-10~ubuntu18.04.fips.0.2
1:7.9p1-10~ubuntu18.04.fips.0.3
1:7.9p1-10~ubuntu18.04.fips.0.4
1:7.9p1-10~ubuntu18.04.fips.0.5
1:7.9p1-10~ubuntu18.04.fips.0.6
1:7.9p1-10~ubuntu18.04.fips.0.7
1:7.9p1-10~ubuntu18.04.fips.0.8
1:7.9p1-10~ubuntu18.04.fips.0.9
1:7.9p1-10~ubuntu18.04.fips.0.10

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "openssh-client-hmac",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "openssh-server-hmac",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.10"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS-updates:20.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-updates%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.2p1-4ubuntu0.fips.0.2.1
1:8.2p1-4ubuntu0.fips.0.4.0
1:8.2p1-4ubuntu0.fips.0.5.0
1:8.2p1-4ubuntu0.fips.0.7
1:8.2p1-4ubuntu0.fips.0.8
1:8.2p1-4ubuntu0.fips.0.9
1:8.2p1-4ubuntu0.fips.0.10
1:8.2p1-4ubuntu0.fips.0.11
1:8.2p1-4ubuntu0.fips.0.12
1:8.2p1-4ubuntu0.fips.0.13
1:8.2p1-4ubuntu0.fips.0.13.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.13.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS-updates:22.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-updates%2Fjammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.9p1-3ubuntu0.4+Fips1
1:8.9p1-3ubuntu0.4+Fips3
1:8.9p1-3ubuntu0.6+Fips1
1:8.9p1-3ubuntu0.7+Fips1
1:8.9p1-3ubuntu0.10+Fips1
1:8.9p1-3ubuntu0.11+Fips1
1:8.9p1-3ubuntu0.13+Fips1
1:8.9p1-3ubuntu0.14+Fips1
1:8.9p1-3ubuntu0.15+Fips1
1:8.9p1-3ubuntu0.15+Fips3
1:8.9p1-3ubuntu1.fips.0~ppa3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.9p1-3ubuntu1.fips.0~ppa3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS-updates:24.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-updates%2Fnoble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:9.*
1:9.6p1-3ubuntu13.7+Fips1
1:9.6p1-3ubuntu13.12+Fips1
1:9.6p1-3ubuntu13.13+Fips1
1:9.6p1-3ubuntu13.14+Fips1
1:9.6p1-3ubuntu13.15+Fips1
1:9.6p1-3ubuntu13.16+Fips1
1:9.6p1-3ubuntu13.16+Fips2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:9.6p1-3ubuntu13.16+Fips2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS:16.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips-updates%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.2p2-4ubuntu2.fips.2.2.3
1:7.2p2-4ubuntu2.fips.2.4.1
1:7.2p2-4ubuntu2.fips.2.4.2
1:7.2p2-4ubuntu2.fips.2.8.1
1:7.2p2-4ubuntu2.fips.2.10.1
1:7.2p2-4ubuntu2.fips.2.10.2
1:7.2p2-4ubuntu2.fips.2.10.3
1:7.2p2-4ubuntu2.fips.2.10.4
1:7.2p2-4ubuntu2.fips.2.10.5
1:7.2p2-4ubuntu2.fips.2.10.6
1:7.2p2-4ubuntu2.fips.2.10.7

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "openssh-client-hmac",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "openssh-server-hmac",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        },
        {
            "binary_name": "ssh-krb5",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.7"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.2p2-4ubuntu2.fips.2.2
1:7.2p2-4ubuntu2.fips.2.2.1
1:7.2p2-4ubuntu2.fips.2.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "openssh-client-hmac",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "openssh-client-ssh1",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "openssh-server-hmac",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        },
        {
            "binary_name": "ssh-krb5",
            "binary_version": "1:7.2p2-4ubuntu2.fips.2.10.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS:18.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:7.*
1:7.9p1-10~ubuntu18.04.fips.0.1
1:7.9p1-10~ubuntu18.04.fips.0.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "openssh-client-hmac",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "openssh-server-hmac",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:7.9p1-10~ubuntu18.04.fips.0.2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"
Ubuntu:Pro:FIPS:20.04:LTS
openssh

Package

Name
openssh
Purl
pkg:deb/ubuntu/openssh?arch=source&distro=fips%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:8.*
1:8.2p1-4ubuntu0.fips.0.2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "openssh-client",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        },
        {
            "binary_name": "openssh-server",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        },
        {
            "binary_name": "openssh-sftp-server",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        },
        {
            "binary_name": "openssh-tests",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        },
        {
            "binary_name": "ssh",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        },
        {
            "binary_name": "ssh-askpass-gnome",
            "binary_version": "1:8.2p1-4ubuntu0.fips.0.2.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55655.json"