Low severity3.6NVD Advisory· Published Apr 2, 2026· Updated Apr 27, 2026
CVE-2026-35386
CVE-2026-35386
Description
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- Range: <10.3
- osv-coords9 versionspkg:rpm/almalinux/opensshpkg:rpm/almalinux/openssh-askpasspkg:rpm/almalinux/openssh-cavspkg:rpm/almalinux/openssh-clientspkg:rpm/almalinux/openssh-keycatpkg:rpm/almalinux/openssh-keysignpkg:rpm/almalinux/openssh-ldappkg:rpm/almalinux/openssh-serverpkg:rpm/almalinux/pam_ssh_agent_auth
< 9.9p1-14.el10_1.alma.1+ 8 more
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 8.0p1-29.el8_10
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 8.0p1-29.el8_10
- (no CPE)range: < 9.9p1-14.el10_1.alma.1
- (no CPE)range: < 0.10.4-5.49.el9_7.alma.1
Patches
Vulnerability mechanics
References
3- marc.infonvdThird Party Advisory
- www.openwall.com/lists/oss-security/2026/04/02/3nvdThird Party Advisory
- www.openssh.org/releasenotes.htmlnvdRelease Notes
News mentions
1- Debian 13.5 point release lands with security fixes, bug patchesHelp Net Security · May 17, 2026