CVE-2026-35388

Published Apr 2, 2026

Last updated a month ago

CVSS low 2.5

Overview

Description
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
Source
cve@mitre.org
NVD status
Analyzed
Products
openssh

Risk scores

CVSS 3.1

Type
Primary
Base score
2.5
Impact score
1.4
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity
LOW

Weaknesses

cve@mitre.org
CWE-420

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.CVE-2026-35414
  2. OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.CVE-2026-35387
  3. In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.CVE-2026-35386
  4. In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).CVE-2026-35385
  5. In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.CVE-2025-32728

References

Sources include official advisories and independent security research.