Platform
linux
Component
openssh
Fixed in
10.3
CVE-2026-35388 describes a vulnerability in OpenSSH affecting versions before 10.3. This issue stems from a lack of confirmation for multiplexing connections when using proxy-mode sessions. An attacker could potentially exploit this to disrupt OpenSSH services, leading to denial-of-service conditions. The vulnerability is resolved in OpenSSH version 10.3.
The primary impact of CVE-2026-35388 is a potential denial-of-service (DoS). An attacker leveraging this vulnerability could craft malicious requests to overwhelm the OpenSSH server, preventing legitimate users from establishing connections. This could disrupt remote access, SSH tunneling, and other services reliant on OpenSSH. While the CVSS score is low, the impact can be significant in environments where SSH is critical for system administration or secure remote access. The lack of connection multiplexing confirmation allows for easier exploitation and resource exhaustion. The blast radius is limited to the OpenSSH service itself; however, the disruption of SSH access can cascade to dependent systems and applications.
CVE-2026-35388 was published on April 2, 2026. The vulnerability's CVSS score of 2.5 indicates a low probability of exploitation. As of the publication date, no public proof-of-concept (PoC) code has been released. It is not currently listed on KEV or EPSS, suggesting a low immediate threat. Monitor security advisories and threat intelligence feeds for any changes in the exploitation landscape.
Exploit status
EPSS
0.01% (2nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-35388 is to upgrade OpenSSH to version 10.3 or later. Before upgrading, it's crucial to review the OpenSSH 10.3 release notes for any compatibility issues with existing configurations or applications. If a direct upgrade is not feasible due to compatibility concerns, consider implementing temporary workarounds such as rate limiting SSH connections at the firewall or proxy level to mitigate potential DoS attacks. Monitor OpenSSH logs for unusual connection patterns or errors that might indicate exploitation attempts. After upgrading, confirm the fix by attempting to establish a proxy-mode multiplexing session and verifying that connection confirmation is properly handled.
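To make the "check your OpenSSH version and upgrade if necessary" step concrete, the following POSIX shell snippet is an added example (not part of this advisory or of the OpenSSH project) that parses the banner `ssh -V` prints and compares the major.minor part numerically against the fixed release 10.3. The banner strings used as inputs are constructed for illustration; the threshold is the only value taken from the advisory.

```shell
# Added example: classify an OpenSSH build as below or at/after the fixed release.
# FIXED_VERSION comes from the advisory; everything else is illustrative.
FIXED_VERSION="10.3"

# Extract "major.minor" from a banner such as "OpenSSH_10.2p1, OpenSSL 3.0.13 ...".
# Prints nothing if the line is not an OpenSSH banner.
openssh_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Returns 0 (true) when version $1 is lower than $2.
# Compares major and minor as integers, so 10.10 is correctly newer than 10.3.
version_lt() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -lt "$b_minor" ]
}

# Prints "vulnerable" (below 10.3), "fixed" (10.3 or later) or "unknown"
# (banner not recognised; also returns 1 so scripts can notice).
assess_banner() {
    v=$(openssh_version_from_banner "$1")
    [ -n "$v" ] || { echo "unknown"; return 1; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# Check the locally installed client/server build; ssh -V writes to stderr.
check_local_openssh() {
    assess_banner "$(ssh -V 2>&1)"
}
```

Run `check_local_openssh` on each host; a result of "vulnerable" means the build predates 10.3 and should be scheduled for the upgrade described above. Note that distributions sometimes backport fixes without changing the upstream version number, so a "vulnerable" verdict from the banner alone should be confirmed against the vendor's package changelog.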
Upgrade OpenSSH to version 10.3 or later. This fixes the missing connection multiplexing confirmation for proxy-mode multiplexing sessions.
It's a vulnerability in OpenSSH versions before 10.3 where connection multiplexing confirmation is missing in proxy-mode sessions, potentially disrupting connections.
If you are running OpenSSH versions 0.0 through 10.2, you are potentially affected. Check your OpenSSH version and upgrade if necessary.
Upgrade OpenSSH to version 10.3 or later. Test the upgrade in a non-production environment first.
Currently, there are no publicly known exploits or active campaigns targeting this vulnerability.
Refer to the official NVD entry for CVE-2026-35388 and the OpenSSH security advisories for detailed information.