Zero Day Monitor (ZDM) © 2026

CVE-2026-35386 (CVSS 3.6) · EXPLOITED · PATCHED
openbsd · openssh


Description

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config.

Affected Products

Vendor  | Product | Versions
openbsd | openssh | 0, < 10.3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor      | Product     | Source        | Confidence
ibm         | qradar siem | cert_advisory | 90%
open source | openssh     | cert_advisory | 90%

References

  • https://www.openssh.org/releasenotes.html#10.3p1
  • https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
  • https://www.openwall.com/lists/oss-security/2026/04/02/3

Related News (5 articles)

  • [Tier B] BSI Advisories, 21d ago: [NEW] [high] IBM QRadar SIEM: Multiple vulnerabilities (no new info, linked only)
  • [Tier B] BSI Advisories, 70d ago: [NEW] [medium] OpenSSH: Multiple vulnerabilities (no new info, linked only)
  • [Tier A] Microsoft MSRC, 70d ago: CVE-2026-35386 (no new info, linked only)
  • [Tier C] oss-security, 74d ago: Re: Announce: OpenSSH 10.3 released (no new info, linked only)
  • [Tier C] VulDB, 75d ago: CVE-2026-35386 | OpenSSH up to 10.2 Command Line ssh_config incorrect behavior order (no new info, linked only)
Summary

CVSS 3.1: 3.6 LOW
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA KEV: No
Actively exploited: Yes
Patch available: 10.3
CWE: CWE-696, CWE-78
Published: Apr 2, 2026
Last enriched: 75d ago (v2)
Tags: problematic, command-injection, ssh, metacharacter-bypass
Trending score: 3
Source articles: 5
Independent: 4
Info completeness: 9/14 (missing: epss, kev, exploit, iocs, mitre_attack)


Related CVEs (5)

  • [HIGH] PRE-CVE: OpenBSD sppp_pap_input PAP Authentication Bypass Vulnerability (trending: 27)
  • [HIGH] CVE-2026-35385: In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' e (trending: 6)
  • [LOW] CVE-2026-35388: OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. (trending: 4)
  • [MEDIUM] CVE-2026-35414 (EXP): OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i (trending: 3)
  • [LOW] CVE-2026-35387 (EXP): OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or H (trending: 3)


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Apr 2, 2026: CVE published
  • Apr 2, 2026: Discovered by ZDM
  • Apr 2, 2026: Updated: severity, cvssEstimate, tags
  • Apr 3, 2026: Actively exploited
  • Apr 3, 2026: Exploit available
  • Apr 3, 2026: Patch available

Version History

Current version: v2 (last enriched 75d ago)

  • v2 (Tier C, 75d ago, via VulDB): Updated severity to MEDIUM, CVSS estimate to 4.0, and added tag 'problematic'. Fields changed: severity, cvssEstimate, tags.
  • v1 (75d ago): Initial creation