Earlier this week Qualys announced two critical vulnerabilities for OpenSSH - CVE-2025-26465 and 2025-26466. We are looking for helping testing the patches for CVE-2025-26465. The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The second, CVE-2025-26466, affects both the OpenSSH client and server, enabling a pr...
