OpenBSD: makers of the OpenBSD operating system, LibreSSL and OpenSSH


Products by OpenBSD Sorted by Most Security Vulnerabilities since 2018

OpenBSD OpenSSH (SSH server implementation): 74 vulnerabilities
OpenBSD (operating system): 54 vulnerabilities
OpenBSD LibreSSL (crypto library): 6 vulnerabilities
OpenBSD OpenSMTPD: 1 vulnerability

Known Exploited OpenBSD Vulnerabilities

The following OpenBSD vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title: OpenSMTPD Remote Code Execution Vulnerability (CVE-2020-7247)
Description: smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Exploit probability: 94.1%
Added by CISA: March 25, 2022

The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 5 vulnerabilities in OpenBSD so far, with an average base score of 4.2 out of 10. Last year, in 2025, OpenBSD had 12 security vulnerabilities published. If vulnerabilities keep arriving at the current rate, the number of security vulnerabilities in OpenBSD in 2026 could surpass last year's figure. Last year's average CVE base score was higher by 1.39.

Year  Vulnerabilities  Average Score
2026  5                4.18
2025  12               5.57
2024  14               7.95
2023  15               6.91
2022  3                6.23
2021  6                6.28
2020  5                7.70
2019  12               6.52
2018  6                6.16

It may take a day or so for new OpenBSD vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent OpenBSD Security Vulnerabilities

CVE-2026-35414 (Apr 02, 2026) - OpenSSH
  OpenSSH 10.2 Principals Option Misparse via Commas in CA
  OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

CVE-2026-35388 (Apr 02, 2026) - OpenSSH
  OpenSSH <10.3: Missing confirmation in proxy-mode multiplexing
  OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CVE-2026-35387 (Apr 02, 2026) - OpenSSH
  OpenSSH <10.3: Unintended ECDSA via PubkeyAcceptedAlgorithms
  OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

CVE-2026-35386 (Apr 02, 2026) - OpenSSH
  OpenSSH <=10.2: Command execution via metacharacters in a username on the command line
  In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username supplied on the command line. This requires a scenario in which the username on the command line is untrusted, and also requires a non-default configuration using % sequences in ssh_config.

CVE-2026-35385 (Apr 02, 2026) - OpenSSH
  OpenSSH <10.3: Setuid/setgid escalation via scp -O (without -p)
  In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

CVE-2025-58181 (Nov 19, 2025) - OpenSSH
  OpenSSH GSSAPI mechanism count: denial of service via unbounded memory consumption
  SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

CVE-2025-54547 (Oct 29, 2025) - OpenSSH
  OpenSSH client: SSH multiplexing timeout bypass allows post-timeout file operations
  On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g. scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired.

CVE-2025-59459 (Oct 27, 2025) - OpenSSH
  OpenSSH: unprivileged account allows persistent SSH/service DoS
  An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.

CVE-2025-61985 (Oct 06, 2025) - OpenSSH
  OpenSSH before 10.1: null byte in ssh:// URI leads to ProxyCommand code execution
  ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

CVE-2025-61984 (Oct 06, 2025) - OpenSSH
  OpenSSH before 10.1: control characters in a username enable code execution via ProxyCommand
  ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
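A pre-upgrade audit for the CVE-2026-35387 entry above: on OpenSSH before 10.3, naming one ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms admits all of them, so any configuration that pins a single ECDSA curve is wider than it reads. The script below is an added example, not OpenSSH code and not from stack.watch; its line parser is a simplified, assumed model of the ssh_config keyword syntax (keyword and value separated by whitespace or '=', list values with an optional leading '+', '-' or '^' modifier), and SAMPLE_CONFIG is constructed sample data. It is a quick scan, not a substitute for the effective configuration printed by ssh -G or sshd -T.

```python
"""Flag ECDSA entries in the algorithm lists affected by CVE-2026-35387.

Added example; not OpenSSH code. The keyword/value parsing is an assumed,
simplified model of ssh_config syntax.
"""
from typing import List

# Affected keywords, plus their deprecated *KeyTypes aliases, compared case-insensitively.
AFFECTED_KEYWORDS = {
    "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes",
    "hostbasedacceptedalgorithms", "hostbasedacceptedkeytypes",
}

# Constructed sample: the operator pinned one ECDSA curve in two places,
# expecting the remaining ECDSA algorithms to stay disabled.
SAMPLE_CONFIG = """\
Host bastion
    HostName bastion.example.net
    PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp521   # pin one curve
Host *
    HostbasedAcceptedAlgorithms=+ecdsa-sha2-nistp256-cert-v01@openssh.com
    PubkeyAcceptedAlgorithms ssh-ed25519,rsa-sha2-512
"""


def parse_algorithm_lists(config_text: str) -> List[dict]:
    """One record per affected-keyword line: the enclosing Host pattern,
    the list modifier ('' , '+', '-' or '^') and the algorithm names."""
    records = []
    host = "*"  # lines before any Host keyword apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        # Accept both "Keyword value" and "Keyword=value" forms.
        if "=" in line and " " not in line.split("=", 1)[0]:
            keyword, value = line.split("=", 1)
        else:
            keyword, _, value = line.partition(" ")
        keyword, value = keyword.strip().lower(), value.strip()
        if keyword == "host":
            host = value
            continue
        if keyword not in AFFECTED_KEYWORDS:
            continue
        modifier = value[0] if value and value[0] in "+-^" else ""
        algorithms = [a.strip() for a in value[len(modifier):].split(",") if a.strip()]
        records.append({"host": host, "keyword": keyword,
                        "modifier": modifier, "algorithms": algorithms})
    return records


def find_ecdsa_exposure(config_text: str) -> List[str]:
    """Return one finding per list that names at least one ECDSA algorithm.
    Before OpenSSH 10.3 that entry is read as every ECDSA algorithm."""
    findings = []
    for rec in parse_algorithm_lists(config_text):
        ecdsa = [a for a in rec["algorithms"] if a.startswith("ecdsa-")]
        if ecdsa:
            findings.append(
                f"Host {rec['host']}: {rec['keyword']} ({rec['modifier'] or 'replace'}) "
                f"lists {', '.join(ecdsa)}; OpenSSH < 10.3 treats this as all ECDSA algorithms")
    return findings


if __name__ == "__main__":
    for finding in find_ecdsa_exposure(SAMPLE_CONFIG):
        print(finding)
```

The fix is upgrading to 10.3; until then, a list that is meant to exclude ECDSA should simply not name any ecdsa-* algorithm, and a list that names one should be read as naming them all.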
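The three ProxyCommand-related entries above (CVE-2026-35386, CVE-2025-61984, CVE-2025-61985) share one precondition: a username or ssh:// URI from an untrusted source reaches ssh(1), which later expands it (for example via %r) into a shell command. Passing argv as a list protects only the local invocation; the expansion happens inside ssh, so the content of the username itself has to be vetted. The wrapper below is an added example, not OpenSSH code and not from stack.watch. Its allow-lists for usernames and hostnames are this example's own policy (no IPv6 literals, no spaces, no quoting or metacharacters, no control characters including NUL), not a rule taken from OpenSSH.

```python
"""Vet an untrusted ssh target before building the ssh(1) command line.

Added example; not OpenSSH code. The allow-lists are assumptions of this
example, chosen to exclude everything that shell expansion could act on.
"""
import re
import subprocess
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumed policy: portable usernames and RFC 1123-style hostname labels.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$")
HOST_LABEL_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


class UnsafeTarget(ValueError):
    """Raised for a target that must not be handed to ssh at all."""


def _check_hostname(host: Optional[str]) -> str:
    if not host or len(host) > 253:
        raise UnsafeTarget("missing or overlong hostname")
    if not all(HOST_LABEL_RE.match(label) for label in host.split(".")):
        raise UnsafeTarget(f"hostname {host!r} fails allow-list")
    return host


def parse_target(target: str) -> Tuple[Optional[str], str, Optional[int]]:
    """Split 'host', 'user@host' or 'ssh://[user@]host[:port]' into
    (user, host, port). Control characters (NUL included) are refused
    before any parsing, so a '\\0' can never reach the URI parser."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        raise UnsafeTarget("control character in target")
    if target.startswith("ssh://"):
        try:
            parts = urlsplit(target)
            port = parts.port  # ValueError on a non-numeric port
        except ValueError as exc:
            raise UnsafeTarget("malformed ssh:// URI") from exc
        if parts.path or parts.query or parts.fragment:
            raise UnsafeTarget("ssh:// URI carries a path, query or fragment")
        user, host = parts.username, parts.hostname
    else:
        user, _, host = target.rpartition("@")
        user, port = (user or None), None
    if user is not None and not USERNAME_RE.match(user):
        raise UnsafeTarget(f"username {user!r} fails allow-list")
    return user, _check_hostname(host), port


def is_safe_target(target: str) -> bool:
    try:
        parse_target(target)
        return True
    except UnsafeTarget:
        return False


def build_ssh_argv(target: str, remote_command: Optional[List[str]] = None) -> List[str]:
    """Build an argv list (no local shell). The username travels as its own
    -l argument and '--' ends option parsing so a hostname cannot be taken
    for an option. This does not neutralise %r expansion in a ProxyCommand,
    which is why parse_target vets the username's characters instead of
    merely quoting them."""
    user, host, port = parse_target(target)
    argv = ["ssh", "-o", "BatchMode=yes"]
    if port is not None:
        argv += ["-p", str(port)]
    if user is not None:
        argv += ["-l", user]
    argv += ["--", host]
    if remote_command:
        argv += remote_command
    return argv


def run_ssh(target: str, remote_command: Optional[List[str]] = None) -> int:
    return subprocess.run(build_ssh_argv(target, remote_command), check=False).returncode


if __name__ == "__main__":
    for candidate in ("alice@host.example.com", "ssh://bob@host.example.com:2222",
                      "$(id)@host.example.com", "ssh://a\x00b@host.example.com"):
        print(f"{candidate!r:40} safe={is_safe_target(candidate)}")
```

run_ssh is the only function that touches the network; everything before it is pure and can be exercised offline. A remote command, if any, is still joined by ssh into a string for the remote shell, so it needs its own validation that this wrapper does not attempt.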
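For the CVE-2026-35385 entry above, the practical check is on the receiving side: after a root scp -O download, look for files that arrived with the setuid or setgid bit and clear it. The script below is an added example, not OpenSSH code and not from stack.watch; it does not change how scp behaves, and the directory built by make_demo_tree is constructed sample data standing in for a download directory.

```python
"""Find and strip setuid/setgid bits on files in a download directory.

Added example; not OpenSSH code. make_demo_tree builds constructed sample
data so the audit can be run offline.
"""
import os
import stat
import tempfile
from typing import List, Tuple

PRIVILEGED_BITS = stat.S_ISUID | stat.S_ISGID


def is_privileged_mode(mode: int) -> bool:
    """True for a regular file whose st_mode carries setuid or setgid.
    Directories are ignored: setgid on a directory only affects group
    inheritance and is not what this audit is after."""
    return stat.S_ISREG(mode) and bool(mode & PRIVILEGED_BITS)


def mode_of(path: str) -> int:
    """Permission bits (setuid/setgid/sticky included) without following symlinks."""
    return stat.S_IMODE(os.lstat(path).st_mode)


def find_privileged_files(root: str) -> List[Tuple[str, int]]:
    """Walk root without following symlinks; return (path, permission bits)
    for every regular file that has setuid or setgid set."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: a symlink is never dereferenced
            if is_privileged_mode(st.st_mode):
                found.append((path, stat.S_IMODE(st.st_mode)))
    return found


def strip_privileged_bits(root: str) -> List[str]:
    """Clear setuid/setgid on every flagged file and return the paths changed."""
    changed = []
    for path, mode in find_privileged_files(root):
        os.chmod(path, mode & ~PRIVILEGED_BITS)
        changed.append(path)
    return changed


def make_demo_tree() -> Tuple[str, str, str]:
    """Constructed sample: one file carrying setuid, as a root 'scp -O'
    download without -p might leave it, and one ordinary file.
    Returns (root, privileged_path, plain_path)."""
    root = tempfile.mkdtemp(prefix="scp-audit-")
    priv = os.path.join(root, "helper")
    plain = os.path.join(root, "notes.txt")
    for p in (priv, plain):
        with open(p, "w") as fh:
            fh.write("demo\n")
    os.chmod(priv, 0o4755)
    os.chmod(plain, 0o644)
    return root, priv, plain


if __name__ == "__main__":
    root, _, _ = make_demo_tree()
    for path, mode in find_privileged_files(root):
        print(f"{path}: mode {mode:04o}")
    print("stripped:", strip_privileged_bits(root))
```

Run the audit as the same user that performed the download so os.chmod can change the files; on a filesystem mounted nosuid the bits are harmless but still worth removing before the files are copied elsewhere.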
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).