CVE-2026-35388

| EUVD-2026-18404 LOW
2026-04-02 [email protected]
2.5
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 02, 2026 - 17:22 vuln.today
EUVD ID Assigned
Apr 02, 2026 - 17:22 euvd
EUVD-2026-18404
CVE Published
Apr 02, 2026 - 17:16 nvd
LOW 2.5

Tags

Information Disclosure Ssh

Description

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Analysis

OpenSSH before 10.3 fails to confirm connection multiplexing in proxy-mode sessions, allowing local attackers with user interaction to bypass intended access controls and potentially manipulate multiplexed connections. The vulnerability affects OpenSSH versions prior to 10.3p1 and requires local access with user interaction (UI:R) on the affected system; while the CVSS score is low (2.5) and integrity impact is limited, the omission of confirmation mechanisms in proxy-mode multiplexing creates a logic flaw that could enable unauthorized session hijacking or redirection in multi-user environments.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

13
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +12
POC: 0

Share

CVE-2026-35388 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy