PT-2026-29833 · Openbsd · Openssh
Rabbit
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-35386
CVSS v3.1
3.6
Low
| AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N |
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh config.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openssh