VDB

CVE-2026-35387

CVE-2026-35387 PUBLISHED CVSS 3.0999999046325684 LOW

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

EPSS 0.05% · 16.8th percentile

Risk Scores

CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.05%
16.8th percentile

Affected Products

VendorProductVersions
OpenBSDOpenSSH0
openbsdopenssh0

Timeline

  • Apr 2, 2026 CVE Published
  • Apr 2, 2026 PoC Published
  • Apr 2, 2026 PoC Published
  • Apr 2, 2026 PoC Published
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 4, 2026 Distribution Patch
  • May 4, 2026 Security Advisory
  • May 4, 2026 Distribution Patch
  • May 4, 2026 Security Advisory
  • May 5, 2026 Distribution Patch
  • May 5, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›