CVSS 7.5 | CVE-2026-35385 | CVE-2026-35387 | CVE-2026-35388

OpenSSH Patches Multiple Vulnerabilities (CVE-2026)

Multiple vulnerabilities have been discovered in OpenSSH, potentially leading to security risks. Update to version 10.3 to mitigate these issues.


Multiple vulnerabilities have been discovered in OpenSSH, potentially leading to privilege escalation and security bypasses. These issues affect users running OpenSSH versions prior to 10.3. A patch is now available to address these vulnerabilities.

These vulnerabilities range from low to medium severity, requiring prompt attention.

What is OpenSSH?

OpenSSH is a suite of security-related network-level utilities based on the Secure Shell protocol. It provides encrypted communication sessions over a network and is commonly used for remote login, file transfer, and secure tunneling. To learn more, you can search all OpenSSH CVEs.

CVE-2026-35385: scp setuid/setgid Vulnerability

CVSS: 7.5
Affected versions: This vulnerability affects OpenSSH versions prior to 10.3 when using `scp` as root with the `-O` option (legacy scp protocol) and without the `-p` option.

High severity due to potential privilege escalation.

When using the legacy scp protocol with the `-O` option as root, downloaded files may be incorrectly installed with setuid or setgid permissions. This occurs when the `-p` option (preserve mode) is not used, leading to unexpected privilege escalation.

How to fix CVE-2026-35385 in OpenSSH

Patch within 24h

1. Update OpenSSH to version 10.3 or later with your distribution's package manager (OpenSSH is a system package, not a Composer dependency). For example, on Debian/Ubuntu:

   sudo apt-get install --only-upgrade openssh-client openssh-server

Verify with (the version banner is printed to stderr):

   ssh -V

Workaround: Avoid using the `-O` option with `scp` as root, or always use the `-p` option to preserve file modes.
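An added example, not part of this advisory or of OpenSSH itself: a small defender-side check that parses the `ssh -V` banner used in every "Verify with" step on this page and compares it numerically against 10.3, plus a scan for files that carry the setuid/setgid bit, which is what a root `scp -O` download without `-p` can leave behind under CVE-2026-35385. The banner strings in the comments are constructed samples; the command and `find_setuid_setgid` helper are assumptions of this example.

```python
import os
import re
import stat
import subprocess

# Version in which this advisory says all three CVEs are fixed.
FIXED_VERSION = (10, 3)

# `ssh -V` prints a banner such as "OpenSSH_9.9p1, OpenSSL 3.0.13 6 Feb 2024"
# (constructed sample). "p1" is a portable-release suffix, not part of the version.
_BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")


def parse_openssh_version(banner: str):
    """Return (major, minor) from an `ssh -V` banner, or None if unrecognised."""
    m = _BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def needs_update(banner: str) -> bool:
    """True if the banner shows a release older than 10.3 (or cannot be parsed).
    Tuples compare numerically, so 10.10 is correctly newer than 10.3."""
    version = parse_openssh_version(banner)
    return version is None or version < FIXED_VERSION


def local_ssh_banner() -> str:
    """Run `ssh -V` on this host; OpenSSH writes the banner to stderr."""
    proc = subprocess.run(["ssh", "-V"], capture_output=True, text=True)
    return proc.stderr + proc.stdout


def is_setuid_or_setgid(mode: int) -> bool:
    """True if a st_mode value has the setuid or setgid bit set."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def find_setuid_setgid(root: str):
    """List regular files under `root` with setuid/setgid set, e.g. a directory
    that root populated with `scp -O` (no `-p`) before the update."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and is_setuid_or_setgid(st.st_mode):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    banner = local_ssh_banner()
    print(banner.strip(), "-> update needed" if needs_update(banner) else "-> 10.3 or later")
    for path in find_setuid_setgid("/tmp"):
        print("setuid/setgid file:", path)
```

Point `find_setuid_setgid` at the directories root downloaded into, not at system paths, where setuid binaries are expected.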

NextGuard automatically flags CVE-2026-35385 if OpenSSH appears in any of your monitored projects — no manual lookup required.

CVE-2026-35387: Unintended ECDSA Algorithms

CVSS: 3.1
Affected versions: This vulnerability affects OpenSSH versions prior to 10.3. Systems that rely on specific ECDSA algorithm configurations in `PubkeyAcceptedAlgorithms` or `HostbasedAcceptedAlgorithms` are particularly at risk.

Low severity due to potential algorithm misuse.

OpenSSH interprets the listing of any ECDSA algorithm in `PubkeyAcceptedAlgorithms` or `HostbasedAcceptedAlgorithms` to mean all ECDSA algorithms. This can lead to the use of unintended and potentially weaker algorithms.

How to fix CVE-2026-35387 in OpenSSH

Patch within 7 days

1. Update OpenSSH to version 10.3 or later with your distribution's package manager (OpenSSH is a system package, not a Composer dependency). For example, on Debian/Ubuntu:

   sudo apt-get install --only-upgrade openssh-client openssh-server

Verify with (the version banner is printed to stderr):

   ssh -V

Workaround: Carefully review and explicitly define the allowed ECDSA algorithms in `PubkeyAcceptedAlgorithms` and `HostbasedAcceptedAlgorithms`.

NextGuard automatically flags CVE-2026-35387 if OpenSSH appears in any of your monitored projects — no manual lookup required.

CVE-2026-35388: Missing Multiplexing Confirmation

CVSS: 2.5
Affected versions: This vulnerability affects OpenSSH versions prior to 10.3 when using proxy-mode multiplexing sessions.

Low severity due to potential session issues.

OpenSSH omits connection multiplexing confirmation for proxy-mode multiplexing sessions. This lack of confirmation could potentially lead to unexpected session behavior or denial-of-service conditions.

How to fix CVE-2026-35388 in OpenSSH

Patch within 7 days

1. Update OpenSSH to version 10.3 or later with your distribution's package manager (OpenSSH is a system package, not a Composer dependency). For example, on Debian/Ubuntu:

   sudo apt-get install --only-upgrade openssh-client openssh-server

Verify with (the version banner is printed to stderr):

   ssh -V

Workaround: No specific workaround is available. Updating to the latest version is recommended.

NextGuard automatically flags CVE-2026-35388 if OpenSSH appears in any of your monitored projects — no manual lookup required.

Stay ahead of Linux vulnerabilities

Proactively manage your security posture by tracking and mitigating potential threats. Use NextGuard to monitor your Linux dependencies.

Frequently asked questions

Multiple vulnerabilities in OpenSSH have been addressed with the release of version 10.3. It is crucial to update your systems to protect against potential exploits. You can see all Linux vulnerabilities on our platform.
