VDB

DEBIAN-CVE-2026-35388

DEBIAN-CVE-2026-35388 PUBLISHED CVSS 2.5 LOW

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Risk Scores

CVSS 3.1
2.5
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Debian:13openssh1:10.0p1-7, 10.0, 10.0
Debian:14openssh1:10.2p1-3, 1:10.2p1-2~bpo13+1, 1:10.2p1-2
Debian:11openssh1:9.7p1-1, 1:10.0p1-7, 1:10.0p1-7~bpo12+1
Debian:12openssh1:9.8p1-3, 1:9.8p1-4, 1:9.8p1-7

Timeline

  • Apr 2, 2026 CVE Published
  • May 16, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›