Vulnerability Details CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 15.9%
CVSS Severity
CVSS v3 Score 3.6
Products affected by CVE-2026-35386
-
cpe:2.3:a:openbsd:openssh:10.0
-
cpe:2.3:a:openbsd:openssh:10.1
-
cpe:2.3:a:openbsd:openssh:10.2