24h | 7d | 30d

CVE-2026-35387

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
02 Apr 2026
Updated
CVSS v3.1
LOW (3.1)
EPSS
Pending
KEV

Description

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Statistics

  • 1 Post
  • 9 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture fallback
cR0w 🏴‍☠️🫈🫍 @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 5
  • 0
  • 15h ago

CVE-2026-35386

Overview

  • OpenBSD
  • OpenSSH
02 Apr 2026
Published
03 Apr 2026
Updated
CVSS v3.1
LOW (3.6)
EPSS
Pending
KEV

Description

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Statistics

  • 1 Post
  • 9 Interactions
Last activity: 15 hours ago

Fediverse

Profile picture fallback
cR0w 🏴‍☠️🫈🫍 @cR0w

Anyone have time to look through the vuln fixes for OpenSSH today? I haven't yet because I'm trying not to care about it but there are at least four CVEs apparently.

openssh.org/txt/release-10.3

CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388

  • 4
  • 5
  • 0
  • 15h ago
Showing 31 to 32 of 32 CVEs