CVE-2026-35388 — Vulnetix

CVE-2026-35388 PUBLISHED CVSS 2.5 LOW

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

EPSS 0.02% · 3.3th percentile

Risk Scores

CVSS v3.1

2.5

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.02%

3.3th percentile

Affected Products

Vendor	Product	Versions
openbsd	openssh	0
OpenBSD	OpenSSH	0

Timeline

Apr 2, 2026 CVE Published
Apr 2, 2026 PoC Published
Apr 2, 2026 PoC Published
Apr 2, 2026 PoC Published
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory
May 4, 2026 Distribution Patch
May 4, 2026 Security Advisory
May 4, 2026 Distribution Patch
May 4, 2026 Security Advisory
May 5, 2026 Distribution Patch
May 5, 2026 Security Advisory

References

https://www.openssh.org/releasenotes.html#10.3p1 url
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 url
https://www.openwall.com/lists/oss-security/2026/04/02/3 url
https://www.ibm.com/support/pages/node/7274185 advisory
https://www.ibm.com/support/pages/node/7274154 advisory
https://www.ibm.com/support/pages/node/7274180 advisory
https://www.ibm.com/support/pages/node/7274183 advisory
https://www.ibm.com/support/pages/node/7273957 advisory
https://www.ibm.com/support/pages/node/7274184 advisory
https://www.ibm.com/support/pages/node/7274314 advisory
https://www.ibm.com/support/pages/node/7274182 advisory
https://www.ibm.com/support/pages/node/7274181 advisory
https://www.ibm.com/support/pages/node/7273803 advisory
https://www.ibm.com/support/pages/node/7272901 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›