Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

OpenSSH

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found

CVE-2026-35414
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.18% / 7.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 17:08
Updated-10 Apr, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Action-Not Available
Vendor-OpenBSD
Product-opensshOpenSSH
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-35388
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-2.5||LOW
EPSS-0.13% / 2.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:57
Updated-27 Apr, 2026 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Action-Not Available
Vendor-OpenBSD
Product-opensshOpenSSH
CWE ID-CWE-420
Unprotected Alternate Channel
CVE-2026-35387
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.1||LOW
EPSS-0.24% / 14.67%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:52
Updated-27 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Action-Not Available
Vendor-OpenBSD
Product-opensshOpenSSH
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-35386
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.25% / 15.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 16:44
Updated-27 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Action-Not Available
Vendor-OpenBSD
Product-opensshOpenSSH
CWE ID-CWE-696
Incorrect Behavior Order
CVE-2026-35385
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.42% / 33.71%
||
7 Day CHG+0.13%
Published-02 Apr, 2026 | 16:30
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Action-Not Available
Vendor-Red Hat, Inc.OpenBSD
Product-opensshOpenSSHRed Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream (v. 10)Red Hat AI Inference Server 3.3Multicluster Engine for KubernetesRed Hat Enterprise Linux BaseOS E4S (v.9.2)OpenShift PipelinesRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS (v. 10)Red Hat Enterprise Linux BaseOS E4S (v.8.6)Red Hat AI Inference Server 3.2Red Hat Enterprise Linux BaseOS EUS (v.9.4)Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.12Red Hat Enterprise Linux BaseOS EUS (v.9.6)Red Hat Discovery 2Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux BaseOS (v. 8)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)Red Hat Enterprise Linux BaseOS (v. 9)Red Hat OpenShift Container Platform 4.18Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux BaseOS EUS (v. 10.0)Red Hat Advanced Cluster Management for Kubernetes 2Red Hat OpenShift Container Platform 4.19Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux BaseOS E4S (v.8.8)Red Hat Update Infrastructure 5Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux BaseOS AUS (v.8.4)Red Hat Enterprise Linux BaseOS AUS (v.8.6)Red Hat Enterprise Linux BaseOS TUS (v.8.6)
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2025-61985
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.11% / 1.69%
||
7 Day CHG-0.00%
Published-06 Oct, 2025 | 00:00
Updated-08 Oct, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

Action-Not Available
Vendor-OpenBSD
Product-OpenSSH
CWE ID-CWE-158
Improper Neutralization of Null Byte or NUL Character
CVE-2025-61984
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.6||LOW
EPSS-0.21% / 11.33%
||
7 Day CHG-0.01%
Published-06 Oct, 2025 | 00:00
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

Action-Not Available
Vendor-OpenBSD
Product-OpenSSH
CWE ID-CWE-159
Improper Handling of Invalid Use of Special Elements
CVE-2025-32728
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 5.58%
||
7 Day CHG+0.01%
Published-10 Apr, 2025 | 00:00
Updated-22 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

Action-Not Available
Vendor-OpenBSDDebian GNU/Linux
Product-debian_linuxopensshOpenSSH
CWE ID-CWE-440
Expected Behavior Violation