Company
Date Published
Author
Yair Mizrahi, JFrog Security Research Team Leader
Word count
1447
Language
English
Hacker News points
None

Summary

OpenSSH version 9.2p1 addresses a critical double-free vulnerability that could lead to Denial of Service (DoS) or Remote Code Execution (RCE) on affected servers. The vulnerability, identified by Mantas Mikulėnas and further investigated by JFrog Security Research, particularly impacts servers running the default OpenSSH configuration. It stems from mishandling of the SSH_OLD_DHGEX compatibility option, which leads to a double free in the compat_kex_proposal() function. Qualys Security has demonstrated that, on OpenBSD systems without mitigations such as ASLR or NX, the vulnerability can be exploited for RCE. The JFrog Security Research team rates the vulnerability's severity as high and strongly recommends upgrading to OpenSSH version 9.2p1, which contains the security fix. Despite the vulnerability's potential impact, the JFrog DevOps platform is confirmed not to be affected, and JFrog continues to enhance its security tools and research to improve software security measures.