vulnerability
Arch Linux: Authentication bypass (CVE-2018-10933)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:P/A:N) | Oct 17, 2018 | Jul 11, 2025 | Mar 25, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
Oct 17, 2018
Added
Jul 11, 2025
Modified
Mar 25, 2026
Description
An authentication bypass vulnerability has been discovered in libssh versions prior to 0.7.6 and 0.8.4, in the server-side state machine. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authenticate without any credentials, resulting in unauthorized access.
Solution
arch-linux-upgrade-latest
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.