CVSS: 4.2EPSS: %CPEs: 1EXPL: 0CVE-2026-35414
https://notcve.org/view.php?id=CVE-2026-35414
02 Apr 2026 — OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 2.5EPSS: %CPEs: 1EXPL: 0CVE-2026-35388
https://notcve.org/view.php?id=CVE-2026-35388
02 Apr 2026 — OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 • CWE-420: Unprotected Alternate Channel •
CVSS: 3.1EPSS: %CPEs: 1EXPL: 0CVE-2026-35387
https://notcve.org/view.php?id=CVE-2026-35387
02 Apr 2026 — OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 3.6EPSS: %CPEs: 1EXPL: 0CVE-2026-35386
https://notcve.org/view.php?id=CVE-2026-35386
02 Apr 2026 — In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config. • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 • CWE-696: Incorrect Behavior Order •
CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2026-35385
https://notcve.org/view.php?id=CVE-2026-35385
02 Apr 2026 — In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 • CWE-281: Improper Preservation of Permissions •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-61984 – SUSE Security Advisory - SUSE-SU-2025:4067-1
https://notcve.org/view.php?id=CVE-2025-61984
06 Oct 2025 — ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) This update for openssh fixes the following issues. Code execution via control characters in usernames when a ProxyCommand... • https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2 • CWE-159: Improper Handling of Invalid Use of Special Elements •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-61985 – SUSE Security Advisory - SUSE-SU-2025:4067-1
https://notcve.org/view.php?id=CVE-2025-61985
06 Oct 2025 — ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. This update for openssh fixes the following issues. Fixed code execution via control characters in usernames when a ProxyCommand is used. Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used. • https://marc.info/?l=openssh-unix-dev&m=175974522032149&w=2 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32728 – openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding
https://notcve.org/view.php?id=CVE-2025-32728
10 Apr 2025 — In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations. This update for openssh fixes the following issue. • https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/013_ssh.patch.sig • CWE-440: Expected Behavior Violation •
CVSS: 7.1EPSS: 74%CPEs: 31EXPL: 2CVE-2025-26465 – Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled
https://notcve.org/view.php?id=CVE-2025-26465
18 Feb 2025 — A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. ssh(1) contains a logic error that allows an on-path attacker ... • https://github.com/rxerium/CVE-2025-26465 • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 0CVE-2024-39894 – Ubuntu Security Notice USN-6887-1
https://notcve.org/view.php?id=CVE-2024-39894
02 Jul 2024 — OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. OpenSSH 9.5 a 9.7 anterior a 9.8 a veces permite ataques de sincronización contra la entrada de contraseña sin eco (por ejemplo, para su y Sudo) debido a un error lógico de ObscureKeystrokeTiming. De manera similar, podrían ocurrir otros ataques de sincronización contra... • http://www.openwall.com/lists/oss-security/2024/07/03/6 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •