CVE
CVE-2024-6387
2field notes · 0digests
Field notes
Analysis · Jun 17, 2026 · Colten Anderson
regreSSHion proved 'hard to exploit' is not a patch window
CVE-2024-6387 got filed under 'low priority' because it's slow on 64-bit. The CVSS score measured exploit difficulty, not what a root RCE in sshd actually puts at risk.
Analysis · Jun 3, 2026 · Colten Anderson
Everything is critical, so nothing is critical
A third of last year's CVEs were rated High or Critical, but only a few percent ever get exploited. The severity score was never a risk score, and the queue that treats it like one is the reason confirmed-exploited bugs sit unpatched for 43 days.