OpenBSD: makers of the OpenBSD operating system, LibreSSL and OpenSSH


Products by OpenBSD, sorted by most security vulnerabilities since 2018

OpenSSH: 69 vulnerabilities (SSH server implementation)
OpenBSD: 54 vulnerabilities
LibreSSL: 6 vulnerabilities (crypto library)
OpenSMTPD: 1 vulnerability

Known Exploited OpenBSD Vulnerabilities

The following OpenBSD vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)
Description: smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Exploit Probability: 94.1%
Added: March 25, 2022

The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 0 vulnerabilities in OpenBSD. Last year, in 2025, OpenBSD had 12 security vulnerabilities published. Right now, OpenBSD is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year    Vulnerabilities    Average Score
2026    0                  0.00
2025    12                 5.57
2024    14                 7.95
2023    15                 6.91
2022    3                  6.23
2021    6                  6.28
2020    5                  7.70
2019    12                 6.52
2018    6                  6.16

It may take a day or so for new OpenBSD vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OpenBSD Security Vulnerabilities

Each entry lists the CVE, publication date and affected product, followed by the title and description.

CVE-2025-58181, Nov 19, 2025, OpenSSH
    OpenSSH GSSAPI Mechanism Count DoS Leading to DoS via Unbounded Mem
    SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-54547, Oct 29, 2025, OpenSSH
    OpenSSH Client: SSH Multiplexing Timeout Bypass Allows Post-Timeout File Ops
    On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g., scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired.

CVE-2025-59459, Oct 27, 2025, OpenSSH
    OpenSSH unprivileged account allows persistent SSH/Service DoS
    An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.

CVE-2025-61985, Oct 06, 2025, OpenSSH
    OpenSSH before 10.1 Null Byte in ssh:// URI ProxyCommand Code Execution
    ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVE-2025-61984, Oct 06, 2025, OpenSSH
    OpenSSH 10.1-Prev: Username Ctrl Char Enables Code Exec via ProxyCommand
    ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

CVE-2025-24005, Jul 08, 2025, OpenSSH
    Local PrivEsc via SSH Script Input Validation Flaw in OpenSSH
    A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

CVE-2025-48416, May 21, 2025, OpenSSH
    OpenSSH Hard-Coded Root /etc/shadow Entry (CVE-2025-48416)
    An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This configuration can nevertheless be bypassed or changed by an attacker through multiple paths.

CVE-2025-32728, Apr 10, 2025, OpenSSH
    OpenSSH <10.0: DisableForwarding fails to disable X11/agent forwarding
    In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

CVE-2025-30334, Mar 20, 2025, OpenBSD
    OpenBSD 7.5/7.6 wg(4) Crash via Traffic Before Errata 006/015
    In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in a kernel crash.

CVE-2025-26466, Feb 28, 2025, OpenSSH
    OpenSSH DoS via Ping-Pong Packet Queue Overflow
    A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).