CVE-2026-35385PATCHED

openbsd · openssh

CVE-2026-35385: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' e

Description

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Affected Products

Vendor	Product	Versions
openbsd	openssh	0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
ibm	qradar siem	cert_advisory	90%
open source	openssh	cert_advisory	90%

References

Related News (6 articles)

Tier B

BSI Advisories21d ago

[NEU] [hoch] IBM QRadar SIEM: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR65d ago

Multiples vulnérabilités dans les produits Microsoft (13 avril 2026)

→ No new info (linked only)

Tier B

BSI Advisories70d ago

[NEU] [mittel] OpenSSH: Mehrere Schwachstellen

→ No new info (linked only)

Tier A

Microsoft MSRC70d ago

CVE-2026-35385

→ No new info (linked only)

Tier C

oss-security74d ago

Re: Announce: OpenSSH 10.3 released

→ No new info (linked only)

Tier C

VulDB75d ago

CVE-2026-35385 | OpenSSH up to 10.2 scp permissions

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

10.2

CWECWE-281

PublishedApr 2, 2026

Last enriched75d agov2

Trending Score6

Source articles6

Independent5

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-55706

CVE-2026-55706: sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values f

Trending: 35

HIGHPRE-CVE

OpenBSD sppp_pap_input PAP Authentication Bypass Vulnerability

Trending: 26

LOWCVE-2026-35388

CVE-2026-35388: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Trending: 4

LOWCVE-2026-35386EXP

CVE-2026-35386: In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This r

Trending: 3

MEDIUMCVE-2026-35414EXP

CVE-2026-35414: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i

Trending: 3

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: severity, patchAvailable

Apr 2, 2026

Patch Available

Apr 3, 2026

Version History

Last enriched 75d ago

v2Tier C75d ago

Updated severity to CRITICAL and corrected patch availability to 10.2.

severitypatchAvailable

via VulDB

v175d ago

Initial creation