OpenBSD OpenBSD Makers of OpenBSD operating system, LibreSSL and OpenSSH

  1. Vendors
  2. OpenBSD

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any OpenBSD product.

RSS Feeds for OpenBSD security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in OpenBSD products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by OpenBSD Sorted by Most Security Vulnerabilities since 2018

OpenBSD OpenSSH74 vulnerabilities
SSH Server Implementation

OpenBSD57 vulnerabilities

OpenBSD LibreSSL6 vulnerabilities
Crypto Library

OpenBSD Opensmtpd1 vulnerability

Known Exploited OpenBSD Vulnerabilities

The following OpenBSD vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
OpenSMTPD Remote Code Execution Vulnerability smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
CVE-2020-7247 Exploit Probability: 99.0% 		March 25, 2022

The vulnerability CVE-2020-7247: OpenSMTPD Remote Code Execution Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 9 vulnerabilities in OpenBSD with an average score of 4.9 out of ten. Last year, in 2025 OpenBSD had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in OpenBSD in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.71




Year Vulnerabilities Average Score
2026 9 4.86
2025 12 5.57
2024 14 7.95
2023 15 6.95
2022 3 6.23
2021 6 6.14
2020 5 7.70
2019 12 6.52
2018 6 6.16

It may take a day or so for new OpenBSD vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent OpenBSD Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-57589 Jun 25, 2026
OpenBSD 7.9 sysv_sem.c Use-After-Free CAUSE Priv Esc sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget().
Openbsd
CVE-2026-56099 Jun 18, 2026
OpenBSD Kernel OOB Read via MPLS frames (CVE-2026-56099) OpenBSD before commit 6a23123 (2026-06-18) contains an out-of-bounds read vulnerability in the mpls_do_error function within sys/netmpls/mpls_input.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set.
CVE-2026-55706 Jun 17, 2026
OpenBSD PPP Auth Bypass via Zero-Length PAP Input sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
Openbsd
CVE-2026-41285 Apr 20, 2026
OpenBSD slaacd/rad daemons: infinite loop via crafted ICMPv6 ND option (len 0) In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.
Openbsd
CVE-2026-35414 Apr 02, 2026
OpenSSH 10.2 Principals Option Misparse via Commas in CA OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
OpenSSH
CVE-2026-35388 Apr 02, 2026
OpenSSH <10.3: Missing confirmation in proxymode multiplexing OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
OpenSSH
CVE-2026-35387 Apr 02, 2026
OpenSSH <10.3 Unintended ECDSA via PubkeyAcceptedAlgorithms OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
OpenSSH
CVE-2026-35386 Apr 02, 2026
OpenSSH <=10.2: Cmd Exec via Metachar Username on CLI In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
OpenSSH
CVE-2026-35385 Apr 02, 2026
OpenSSH <10.3 Setuid/Gid Escalation via SCP -O (no -p) In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
OpenSSH
CVE-2025-58181 Nov 19, 2025
OpenSSH GSSAPI Mechanism Count DoS Leading to DoS via Unbounded Mem SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
OpenSSH
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.