CVE-2026-35387
EUVD-2026-1840202.04.2026, 17:16
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 < 10.3 |
𝑥
= Vulnerable software versions
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssh |
| ||||||||||||||||
| openssh-askpass |
| ||||||||||||||||
| openssh-cavs |
| ||||||||||||||||
| openssh-clients |
| ||||||||||||||||
| openssh-keycat |
| ||||||||||||||||
| openssh-ldap |
| ||||||||||||||||
| openssh-server |
| ||||||||||||||||
| pam |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| openssh |
| ||
| openssh-clients |
| ||
| openssh-clients-debuginfo |
| ||
| openssh-debuginfo |
| ||
| openssh-debugsource |
| ||
| openssh-keycat |
| ||
| openssh-keycat-debuginfo |
| ||
| openssh-server |
| ||
| openssh-server-debuginfo |
| ||
| pam_ssh_agent_auth |
| ||
| pam_ssh_agent_auth-debuginfo |
|
Common Weakness Enumeration