VDB
CVE-2026-35387
CVE-2026-35387
PUBLISHED
CVSS 3.0999999046325684 LOW
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
EPSS 0.05% · 16.8th percentile
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.05%
16.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenSSH | 0 |
| openbsd | openssh | 0 |
Timeline
- Apr 2, 2026 CVE Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 PoC Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 4, 2026 Distribution Patch
- May 4, 2026 Security Advisory
- May 4, 2026 Distribution Patch
- May 4, 2026 Security Advisory
- May 5, 2026 Distribution Patch
- May 5, 2026 Security Advisory
References
- https://www.openssh.org/releasenotes.html#10.3p1 url
- https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 url
- https://www.openwall.com/lists/oss-security/2026/04/02/3 url
- https://www.ibm.com/support/pages/node/7274185 advisory
- https://www.ibm.com/support/pages/node/7274154 advisory
- https://www.ibm.com/support/pages/node/7274180 advisory
- https://www.ibm.com/support/pages/node/7274183 advisory
- https://www.ibm.com/support/pages/node/7273957 advisory
- https://www.ibm.com/support/pages/node/7274184 advisory
- https://www.ibm.com/support/pages/node/7274314 advisory
- https://www.ibm.com/support/pages/node/7274182 advisory
- https://www.ibm.com/support/pages/node/7274181 advisory
- https://www.ibm.com/support/pages/node/7273803 advisory
- https://www.ibm.com/support/pages/node/7272901 advisory