Package impact
crates.io / russh
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46673 | high | — | 8.0 | 8d ago | Russh: Unchecked CryptoVec allocation and growth handling is reachable | |||
| CVE-2026-42189 | high | 7.5 | 7.5 | 21d ago | russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler | |||
| CVE-2026-46705 | unknown | — | — | 9h ago | russh server userauth state is not reset when authentication principal changes | |||
| CVE-2026-46702 | unknown | — | — | 9h ago | russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets |