CVE-2026-35388

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2	Third Party Advisory
https://www.openssh.org/releasenotes.html#10.3p1	Release Notes
https://www.openwall.com/lists/oss-security/2026/04/02/3	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

History

27 Apr 2026, 14:12

Type	Values Removed	Values Added
First Time		Openbsd Openbsd openssh
CPE		cpe:2.3:a:openbsd:openssh::::::::
References	~~() https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 -~~	() https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 - Third Party Advisory
References	~~() https://www.openssh.org/releasenotes.html#10.3p1 -~~	() https://www.openssh.org/releasenotes.html#10.3p1 - Release Notes
References	~~() https://www.openwall.com/lists/oss-security/2026/04/02/3 -~~	() https://www.openwall.com/lists/oss-security/2026/04/02/3 - Third Party Advisory

02 Apr 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-02 17:16

Updated : 2026-04-27 14:12

NVD link : CVE-2026-35388

Mitre link : CVE-2026-35388

CVE.ORG link : CVE-2026-35388

JSON object : View

Products Affected

openbsd

openssh

CWE

CWE-420

Unprotected Alternate Channel

2.5 /10