24h | 7d | 30d

Overview

  • OpenBSD
  • OpenSSH

02 Apr 2026
Published
02 Apr 2026
Updated

CVSS v3.1
LOW (3.1)
EPSS
Pending

KEV

Description

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 15 hours ago

Fediverse

Profile picture fallback

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 5
  • 0
  • 15h ago

Overview

  • OpenBSD
  • OpenSSH

02 Apr 2026
Published
03 Apr 2026
Updated

CVSS v3.1
LOW (3.6)
EPSS
Pending

KEV

Description

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Statistics

  • 1 Post
  • 9 Interactions

Last activity: 15 hours ago

Fediverse

Profile picture fallback

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 5
  • 0
  • 15h ago
Showing 31 to 32 of 32 CVEs