PT-2026-29834 · Openbsd+4 · Openssh+4

·

CVE-2026-35387

·

Published

2026-04-02

·

Updated

2026-05-28

CVSS v3.1

6.5

Medium

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3
Description OpenSSH versions before 10.3 incorrectly handle ECDSA algorithms. Specifically, the software misinterprets the listing of any ECDSA algorithm in the PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms configurations as an acceptance of all ECDSA algorithms.
Recommendations Update to version 10.3 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:13380
ALSA-2026:13381
ALSA-2026:13383
ALSA-2026:19069
ALSA-2026:19219
CVE-2026-35387
ECHO-3B5A-4980-C0AD
JLSEC-2026-76
OESA-2026-1963
RHSA-2026:12389
RHSA-2026:13380
RHSA-2026:13381
RHSA-2026:13383
RHSA-2026:19069
RHSA-2026:19219
USN-8222-1

Affected Products

Ibm Aix
Linuxmint
Openssh
Rocky Linux
Ubuntu