Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
AnalysisAI
OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.
Technical ContextAI
The vulnerability exists in OpenSSH's cryptographic algorithm negotiation logic, specifically in the parsing and interpretation of ECDSA algorithm lists in SSH configuration files. When an administrator specifies a single ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms (such as ecdsa-sha2-nistp256), the implementation incorrectly enables all ECDSA algorithm variants (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521) rather than restricting authentication to only the specified algorithm. This represents a failure in algorithm whitelisting logic (CWE-670: Improper Initialization with Hard-Coded Network Resource Configuration Data), where the intended fine-grained access control policy is undermined by overly permissive algorithm matching.
RemediationAI
Upgrade OpenSSH to version 10.3p1 or later, which corrects the ECDSA algorithm interpretation logic (https://www.openssh.org/releasenotes.html#10.3p1). For systems unable to upgrade immediately, implement strict algorithm specification in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms by explicitly listing only desired ECDSA variants and avoiding catch-all patterns; additionally, review SSH key policies to minimize reliance on ECDSA authentication and consider preferring Ed25519-based keys where feasible. Consult the OpenSSH security advisory for distribution-specific patches (https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2).
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18402