CVE-2026-35386 in OpenSSH
Resumen (Inglés)
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Responsable
MITRE
Reservar
2026-04-02
Divulgación
2026-04-02
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354956 | OpenSSH Command Line ssh_config Local Privilege Escalation | 696 | No está definido | Arreglo oficial | CVE-2026-35386 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV