OpenSSH sshd GSSAPIStrictAcceptorCheck Misconfig Pre-10.4 on AD
CVE-2026-59998 Published on July 8, 2026
sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory.
Vulnerability Analysis
CVE-2026-59998 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Improper Following of Specification by Caller
The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform. When leveraging external functionality, such as an API, it is important that the caller does so in accordance with the requirements of the external functionality or else unintended behaviors may result, possibly leaving the system vulnerable to any number of exploits.
Products Associated with CVE-2026-59998
Want to know whenever a new CVE is published for OpenBSD OpenSSH? stack.watch will email you.
Affected Versions
OpenBSD OpenSSH:- Before 10.4 is affected.