CVE-2026-35387
LOW
3.1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Description
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
CWE-670: Always-Incorrect Control Flow Implementation
Status: Draft
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Other
Alter Execution Logic
Applicable Platforms
All platforms may be affected
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
https://www.openssh.org/releasenotes.html#10.3p1
https://www.openwall.com/lists/oss-security/2026/04/02/3