CVE-2026-35386

Published: Apr 02, 2026 Last Modified: Apr 02, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,6
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

696

Incorrect Behavior Order

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Alter Execution Logic
Applicable Platforms
Technologies: Not Technology-Specific, Web Based
View CWE Details
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
https://www.openssh.org/releasenotes.html#10.3p1
https://www.openssh.org/releasenotes.html#10.3p1
https://www.openwall.com/lists/oss-security/2026/04/02/3
https://www.openwall.com/lists/oss-security/2026/04/02/3