Openbsd

Openssh

126 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2026-35414

Medienbericht
  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:08:15
  • Zuletzt bearbeitet 10.04.2026 19:36:57

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

2.5

CVE-2026-35388

  • EPSS 0.01%
  • Veröffentlicht 02.04.2026 16:57:31
  • Zuletzt bearbeitet 27.04.2026 14:12:17

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

6.5

CVE-2026-35387

  • EPSS 0.05%
  • Veröffentlicht 02.04.2026 16:52:53
  • Zuletzt bearbeitet 27.04.2026 14:05:11

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

8.1

CVE-2026-35386

  • EPSS 0.04%
  • Veröffentlicht 02.04.2026 16:44:27
  • Zuletzt bearbeitet 27.04.2026 14:03:07

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh...

8.1

CVE-2026-35385

  • EPSS 0.06%
  • Veröffentlicht 02.04.2026 16:30:59
  • Zuletzt bearbeitet 27.04.2026 14:02:23

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

3.6

CVE-2025-61984

  • EPSS 0.01%
  • Veröffentlicht 06.10.2025 00:00:00
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence exp...

3.6

CVE-2025-61985

  • EPSS 0.02%
  • Veröffentlicht 06.10.2025 00:00:00
  • Zuletzt bearbeitet 15.04.2026 00:35:42

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

3.8

CVE-2025-32728

  • EPSS 0.31%
  • Veröffentlicht 10.04.2025 00:00:00
  • Zuletzt bearbeitet 22.05.2025 16:51:54

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.

5.9

CVE-2025-26466

Medienbericht
  • EPSS 62.37%
  • Veröffentlicht 28.02.2025 22:15:40
  • Zuletzt bearbeitet 10.02.2026 18:16:14

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious cli...

6.8

CVE-2025-26465

Medienbericht
  • EPSS 61.22%
  • Veröffentlicht 18.02.2025 19:15:29
  • Zuletzt bearbeitet 12.05.2026 13:16:40

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in spec...