CVE-2026-35387

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3

Description OpenSSH versions before 10.3 incorrectly handle ECDSA algorithms. Specifically, the software misinterprets the listing of any ECDSA algorithm in the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configurations as an acceptance of all ECDSA algorithms.

Recommendations Update to version 10.3 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

ALSA-2026:13380

ALSA-2026:13381

ALSA-2026:13383

CVE-2026-35387

ECHO-3B5A-4980-C0AD

JLSEC-2026-76

OESA-2026-1963

USN-8222-1

Affected Products

Linuxmint

Openssh

Rocky Linux

Ubuntu

CVE-2026-35387

Weakness Enumeration

Related Identifiers

Affected Products

References · 48