CVE-2026-35386
EUVD-2026-1840002.04.2026, 17:16
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 < 10.3 |
𝑥
= Vulnerable software versions
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssh |
| ||||||||||||||||
| openssh-askpass |
| ||||||||||||||||
| openssh-cavs |
| ||||||||||||||||
| openssh-clients |
| ||||||||||||||||
| openssh-keycat |
| ||||||||||||||||
| openssh-ldap |
| ||||||||||||||||
| openssh-server |
| ||||||||||||||||
| pam |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| openssh |
| ||
| openssh-clients |
| ||
| openssh-clients-debuginfo |
| ||
| openssh-debuginfo |
| ||
| openssh-debugsource |
| ||
| openssh-keycat |
| ||
| openssh-keycat-debuginfo |
| ||
| openssh-server |
| ||
| openssh-server-debuginfo |
| ||
| pam_ssh_agent_auth |
| ||
| pam_ssh_agent_auth-debuginfo |
|
Common Weakness Enumeration