CVE-2026-35387

EUVD-2026-18402
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 3.1 LOW | NETWORK | HIGH | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N |

EPSS Score
Percentile: 16%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 < 10.3 |

𝑥 = Vulnerable software versions

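Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| openssh | bookworm | 1:9.2p1-2+deb12u10 | fixed |
| openssh | bookworm (security) | | vulnerable |
| openssh | bullseye | | vulnerable |
| openssh | bullseye (security) | 1:8.4p1-5+deb11u7 | fixed |
| openssh | forky | 1:10.3p1-1 | fixed |
| openssh | sid | 1:10.3p1-2 | fixed |
| openssh | trixie | 1:10.0p1-7+deb13u4 | fixed |
| openssh | trixie (security) | | vulnerable |
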
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| openssh | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh | RHEL 9 | 0:9.9p1-7.el9_8 | fixed |
| openssh-askpass | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-askpass | RHEL 9 | 0:9.9p1-7.el9_8 | fixed |
| openssh-cavs | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-clients | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-clients | RHEL 9 | 0:9.9p1-7.el9_8 | fixed |
| openssh-keycat | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-keycat | RHEL 9 | 0:9.9p1-7.el9_8 | fixed |
| openssh-ldap | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-server | RHEL 8 | 0:8.0p1-29.el8_10 | fixed |
| openssh-server | RHEL 9 | 0:9.9p1-7.el9_8 | fixed |
| pam | RHEL 8 | 0:0.10.3-7.29.el8_10 | fixed |
| pam | RHEL 9 | 0:0.10.4-7.7.el9_8 | fixed |