CVE
CVE-2026-35385
RHSA-2026:13383: openssh security update (Important)
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
- OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
- OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
- OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
- OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
- OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
C
H
U
-
C
H
U
-
Related Resources
No items found.
References
https://access.redhat.com/errata/RHSA-2026:13383, https://access.redhat.com/security/cve/CVE-2026-35385, https://access.redhat.com/security/cve/CVE-2026-35386, https://access.redhat.com/security/cve/CVE-2026-35387, https://access.redhat.com/security/cve/CVE-2026-35388, https://access.redhat.com/security/cve/CVE-2026-35414
Basic Information
Ecosystem
