Vulnerabilities

Report: CVE-2026-42189 - Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth - Guide

2026-05-08 0 views admin

CVE ID :CVE-2026-42189 Published : May 8, 2026, 8:16 p.m. | 1 hour, 23 minutes ago Description :Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth (e.g., for 2FA/TOTP) with a single malformed packet, requiring no credentials. This issue has been patched in version 0.60.1. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-42189

Severity

HIGH

Published

May 8, 2026

🏷️ Tags

report42189russhunboundedallocationkeyboardinteractiveguidecvecve-2026-42189

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-42189 - Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth - Guide

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-42160 - Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server

Report: CVE-2026-42190 - RedwoodSDK: Same-site CSRF in in server actions - Analysis

Report: CVE-2026-42181 - Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated

Report: CVE-2026-42180 - Lemmy: SSRF in /api/v3/post via Webmention dispatch - Complete Guide

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting