Critical Vulnerabilities in Fedora SSH Component Expose Users to Command Execution Risks

Critical Vulnerabilities in Fedora SSH Component Expose Users to Command Execution Risks

First seen 2 Jul 2026, 02:18 UTC Linuxsecurity 96% similarity 72.8
Share:

Article Content

Browse articles
ThreatCluster

Fedora has released updates addressing two critical vulnerabilities in the opkssh component, identified as CVE-2026-39828 and CVE-2026-39830. Both vulnerabilities were published on May 22, 2026, and affect users of Fedora 43 and 44. CVE-2026-39828 allows unauthorized command execution due to improper handling of SSH permissions, while CVE-2026-39830 leads to denial of service through resource leaks from unsolicited SSH responses. The vulnerabilities can be exploited by attackers to gain unauthorized access or disrupt service. Users are advised to apply the updates using the 'dnf' package manager. The updates were made available on June 22, 2026, and are critical for maintaining system security.

Key Points: • Two critical vulnerabilities in Fedora's opkssh component were disclosed. • CVE-2026-39828 allows unauthorized command execution via SSH. • CVE-2026-39830 causes denial of service through resource leaks.

ThreatCluster AI

Timeline

2026-05-22
CVE-2026-39828 and CVE-2026-39830 published
Fedora disclosed two critical vulnerabilities affecting opkssh, impacting SSH permissions and causing denial of service.
Linuxsecurity
2026-06-22
Updates released for Fedora 43 and 44
Fedora released updates to patch CVE-2026-39828 and CVE-2026-39830, urging users to upgrade via 'dnf'.
Linuxsecurity

Community

Browse all →