CVE-2026-46595

Public on 2026-05-22
Modified on 2026-05-22
Description
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core amazon-cloudwatch-agent Pending Fix
Amazon Linux 2023 amazon-cloudwatch-agent Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd Pending Fix
Amazon Linux 2 - Docker Extra containerd Pending Fix
Amazon Linux 2 - Ecs Extra containerd Pending Fix
Amazon Linux 2023 containerd Pending Fix
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra docker Pending Fix
Amazon Linux 2 - Docker Extra docker Pending Fix
Amazon Linux 2 - Ecs Extra docker Pending Fix
Amazon Linux 2023 docker Pending Fix
Amazon Linux 2023 git-lfs Pending Fix
Amazon Linux 2 - Core nerdctl Pending Fix
Amazon Linux 2023 nerdctl Pending Fix
Amazon Linux 2 - Core rclone Pending Fix
Amazon Linux 2023 rclone Pending Fix
Amazon Linux 2 - Docker Extra runfinch-finch Pending Fix
Amazon Linux 2023 runfinch-finch Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-46595 Mitre: CVE-2026-46595