Skip to main content

SSH EUVDEUVD-2026-18402

| CVE-2026-35387 LOW
Always-Incorrect Control Flow Implementation (CWE-670)
2026-04-02 cve@mitre.org
3.1
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.1 LOW
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
10.3
EUVD ID Assigned
Apr 02, 2026 - 17:22 euvd
EUVD-2026-18402
Analysis Generated
Apr 02, 2026 - 17:22 vuln.today
CVE Published
Apr 02, 2026 - 17:16 nvd
LOW 3.1

DescriptionCVE.org

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

AnalysisAI

OpenSSH before 10.3 incorrectly interprets ECDSA algorithm specifications in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms configuration options, allowing authenticated users to authenticate using unintended ECDSA variants. The vulnerability requires authenticated network access and high attack complexity, resulting in a low CVSS score of 3.1 with integrity impact but no confidentiality or availability loss. No public exploit code or active exploitation has been documented.

Technical ContextAI

The vulnerability exists in OpenSSH's cryptographic algorithm negotiation logic, specifically in the parsing and interpretation of ECDSA algorithm lists in SSH configuration files. When an administrator specifies a single ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms (such as ecdsa-sha2-nistp256), the implementation incorrectly enables all ECDSA algorithm variants (ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521) rather than restricting authentication to only the specified algorithm. This represents a failure in algorithm whitelisting logic (CWE-670: Improper Initialization with Hard-Coded Network Resource Configuration Data), where the intended fine-grained access control policy is undermined by overly permissive algorithm matching.

RemediationAI

Upgrade OpenSSH to version 10.3p1 or later, which corrects the ECDSA algorithm interpretation logic (https://www.openssh.org/releasenotes.html#10.3p1). For systems unable to upgrade immediately, implement strict algorithm specification in PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms by explicitly listing only desired ECDSA variants and avoiding catch-all patterns; additionally, review SSH key policies to minimize reliance on ECDSA authentication and consider preferring Ed25519-based keys where feasible. Consult the OpenSSH security advisory for distribution-specific patches (https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2).

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Share

EUVD-2026-18402 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy