CVE-2026-35388

CWE-420CWE-306Missing Authentication9 documents8 sources
Severity
2.5LOW
EPSS
0.0%
top 98.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openbsd Openssh
Timeline
PublishedApr 2
Latest updateApr 3

Description

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages1 packages

CVEListV5openbsd/openssh< 10.3

🔴Vulnerability Details

4
OSV
CVE-2026-35388: (OpenSSH before 102026-04-03
CVEList
CVE-2026-35388: OpenSSH before 102026-04-02
GHSA
GHSA-9fjj-jvxf-738c: OpenSSH before 102026-04-02
OSV
CVE-2026-35388: OpenSSH before 102026-04-02

📋Vendor Advisories

3
Red Hat
OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions2026-04-02
Microsoft
CVE-2026-35388: Mariner: Mariner mitre: mitre Customer Action Required: Yes2026-04-02
Debian
CVE-2026-35388: openssh - OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode mu...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-35388 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-35388 (LOW CVSS 2.5) | OpenSSH before 10.3 omits connectio | cvebase.io