Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Package Manager Icon
Package Manager
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2026-35388

Published: April 4, 2026Last modified: April 17, 2026

Description

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Severity score breakdown

ParameterValue
Base score2.5
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactLOW
Availability impactNONE
VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSopensshUnknown (9.1_p1-r3)
25 LTSopensshFixed (10.3_p1-r0)
StreamopensshFixed (10.3_p1-r0)
Hardened Containers23 LTSopensshUnknown (9.1_p1-r3)
25 LTSopensshFixed (10.3_p1-r0)
StreamopensshFixed (10.3_p1-r0)

References

ON THIS PAGE