CVE-2026-35387

CVSS v3.1

3.1

Low

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670

Related Identifiers

CVE-2026-35387

Affected Products

Openssh

CVE-2026-35387

Weakness Enumeration

Related Identifiers

Affected Products

References · 4