ByteOS Network

Vulnerability Details :

CVE-2026-35385

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-02 Apr, 2026 | 16:30

Updated At-03 Apr, 2026 | 03:55

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:02 Apr, 2026 | 16:30

Updated At:03 Apr, 2026 | 03:55

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

OpenBSD

Product

OpenSSH

Default Status

unaffected

Versions

Affected

From 0 before 10.3 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-281	CWE-281 Improper Preservation of Permissions

Type: CWE

CWE ID: CWE-281

Description: CWE-281 Improper Preservation of Permissions

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Hyperlink	Resource
https://www.openssh.org/releasenotes.html#10.3p1	N/A
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2	N/A
https://www.openwall.com/lists/oss-security/2026/04/02/3	N/A

Hyperlink: https://www.openssh.org/releasenotes.html#10.3p1

Resource: N/A

Hyperlink: https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2

Resource: N/A

Hyperlink: https://www.openwall.com/lists/oss-security/2026/04/02/3

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:02 Apr, 2026 | 17:16

Updated At:27 Apr, 2026 | 14:02

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

OpenBSD

>>openssh>>Versions before 10.3(exclusive)

cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-281	Primary	cve@mitre.org

CWE ID: CWE-281

Type: Primary

Source: cve@mitre.org

References

Hyperlink	Source	Resource
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2	cve@mitre.org	Third Party Advisory
https://www.openssh.org/releasenotes.html#10.3p1	cve@mitre.org	Release Notes
https://www.openwall.com/lists/oss-security/2026/04/02/3	cve@mitre.org	Third Party Advisory

Hyperlink: https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.openssh.org/releasenotes.html#10.3p1

Source: cve@mitre.org

Resource:

Release Notes

Hyperlink: https://www.openwall.com/lists/oss-security/2026/04/02/3

Source: cve@mitre.org

Resource:

Third Party Advisory

Similar CVEs

5Records found

CVE-2026-35414

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-4.2||MEDIUM

EPSS-0.03% / 9.08%

7 Day CHG+0.01%

Published-02 Apr, 2026 | 17:08

Updated-10 Apr, 2026 | 19:36

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Vendor-OpenBSD

Product-openssh OpenSSH

CWE ID-CWE-670

Always-Incorrect Control Flow Implementation

CVE-2026-35386

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-3.6||LOW

EPSS-0.03% / 10.37%

7 Day CHG~0.00%

Published-02 Apr, 2026 | 16:44

Updated-27 Apr, 2026 | 14:03

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Vendor-OpenBSD

Product-openssh OpenSSH

CWE ID-CWE-696

Incorrect Behavior Order

CVE-2024-6387

Matching Score-8

Assigner-Red Hat, Inc.

View Details

Matching Score-8

Assigner-Red Hat, Inc.

CVSS Score-8.1||HIGH

EPSS-48.42% / 97.78%

7 Day CHG+0.36%

Published-01 Jul, 2024 | 12:37

Updated-12 May, 2026 | 12:17

Openssh: regresshion - race condition in ssh allows rce/dos

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Vendor-amazon almalinux FreeBSD Foundation Apple Inc.SonicWall Inc.Canonical Ltd.NetApp, Inc.OpenBSD Siemens AG SUSE Red Hat, Inc.Debian GNU/Linux NetBSD Arista Networks, Inc.

Product-ontap_select_deploy_administration_utility sma_6210_firmware a150_firmware 8300 enterprise_linux_for_ibm_z_systems a700s openssh enterprise_linux_for_arm_64_eus sma_7210 a9500_firmware a800 linux_enterprise_micro a220_firmware a400_firmware enterprise_linux_for_power_little_endian_eus c800_firmware a90_firmware almalinux a9500 a1k_firmware fas2820 sra_ex_7000_firmware enterprise_linux_for_power_little_endian a250_firmware a150 enterprise_linux_server_aus sra_ex_7000 500f 8700_firmware a90 sma_6210 fas2750 fas2820_firmware a900_firmware 500f_firmware 8300_firmware sma_7210_firmware c800 sma_8200v_firmware fas2720 openshift_container_platform e-series_santricity_os_controller amazon_linux ubuntu_linux c250 enterprise_linux_for_arm_64 eos bootstrap_os ontap sma_6200_firmware a1k macos a70_firmware fas2720_firmware active_iq_unified_manager fas2750_firmware sma_7200_firmware c400_firmware hci_compute_node a800_firmware c250_firmware enterprise_linux_eus sma_7200 c190 debian_linux freebsd a400 a250 c190_firmware a700s_firmware sma_8200v netbsd 8700 enterprise_linux_for_ibm_z_systems_eus c400 sma_6200 a220 ontap_tools a70 a900 enterprise_linux Red Hat Enterprise Linux 10 Red Hat OpenShift Container Platform 4.13 Red Hat OpenShift Container Platform 4.15 Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat Ceph Storage 5 Red Hat OpenShift Container Platform 4.14 Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 8 Red Hat Ceph Storage 7 Red Hat OpenShift Container Platform 4.16 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 9 Red Hat Ceph Storage 6 SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Industrial Edge Management OS (IEM-OS)SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP SIMATIC S7-1500 CPU 1518-4 PN/DP MFP SINEMA Remote Connect Server SINUMERIK ONE SINAMICS IIoT module

CWE ID-CWE-364

Signal Handler Race Condition

CWE ID-CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2006-5051

Matching Score-8

Assigner-Red Hat, Inc.

View Details

Matching Score-8

Assigner-Red Hat, Inc.

CVSS Score-8.1||HIGH

EPSS-2.62% / 85.83%

7 Day CHG~0.00%

Published-27 Sep, 2006 | 23:00

Updated-23 Apr, 2026 | 00:35

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

Vendor-n/a Apple Inc.OpenBSD Debian GNU/Linux

Product-openssh debian_linux mac_os_x mac_os_x_server n/a

CWE ID-CWE-415

Double Free

CVE-2024-39894

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-3.03% / 86.79%

7 Day CHG~0.00%

Published-02 Jul, 2024 | 00:00

Updated-15 Apr, 2026 | 00:35

OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

Vendor-n/a OpenBSD

Product-n/a openssh

CWE ID-CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CVE-2026-35385

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs