Improper access control in OpenSSH - CVE-2026-35387

Published: April 29, 2026


Vulnerability identifier: #VU128476
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-35387
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenSSH
Affected software:
OpenSSH

Detailed vulnerability description

The vulnerability allows a remote user to bypass configured public key algorithm restrictions.

The vulnerability exists due to improper access control in sshd(8) when it applies the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms directives to ECDSA keys. A remote user can authenticate with an ECDSA algorithm that is not listed in the directive, thereby bypassing the configured public key algorithm restrictions.

The issue occurs only when one of these directives includes any ECDSA algorithm name.
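The following Python script is an added example, not code from the advisory or from the OpenSSH project. It audits an sshd_config (or the effective configuration printed by `sshd -T`) for the precondition the advisory names: a PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms value that lists any ECDSA algorithm. The ECDSA name prefixes it matches (`ecdsa-`, `sk-ecdsa-`), the handling of the `+`/`-`/`^` list prefixes, and the sample configurations are my assumptions and constructed inputs; all function and variable names are mine.

```python
"""Audit an sshd_config for the CVE-2026-35387 precondition.

Added example, not part of the advisory or of OpenSSH.  It reports
PubkeyAcceptedAlgorithms / HostbasedAcceptedAlgorithms directives whose
value names at least one ECDSA algorithm, which is the condition the
advisory gives for the restriction bypass.  Sample configs are constructed.
"""
import re
import sys

# Directives named in the advisory; sshd_config keywords are case-insensitive.
WATCHED = {"pubkeyacceptedalgorithms", "hostbasedacceptedalgorithms"}

# sshd accepts a leading '+' (append to default list), '-' (remove from
# default list) or '^' (prepend to default list) on algorithm lists.
LIST_PREFIXES = "+-^"


def parse_directives(text):
    """Return (keyword_lowercase, value) pairs for non-comment lines.

    Accepts both 'Key value' and 'Key=value' forms, and the lowercase
    'key value' lines printed by 'sshd -T'.  Match blocks and Include
    files are not modelled here (assumption: audit the effective config).
    """
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z]+)\s*(?:=|\s)\s*(.*)$", line)
        if not m:
            continue
        out.append((m.group(1).lower(), m.group(2).strip()))
    return out


def split_algorithm_list(value):
    """Split a comma-separated algorithm list into (prefix_mode, names)."""
    mode = ""
    if value and value[0] in LIST_PREFIXES:
        mode, value = value[0], value[1:]
    names = [n.strip() for n in value.split(",") if n.strip()]
    return mode, names


def is_ecdsa(name):
    """True for ecdsa-sha2-nistp*, their -cert-v01@openssh.com forms and
    the sk-ecdsa-* FIDO variants (assumed name patterns)."""
    return name.lower().startswith(("ecdsa-", "sk-ecdsa-"))


def find_ecdsa_restrictions(text):
    """Return findings as (keyword, prefix_mode, ecdsa_names_listed).

    The mode is reported rather than interpreted: a '-' list removes the
    named ECDSA algorithms from the default set, so the administrator should
    confirm the effective list with 'sshd -T' before deciding it is safe.
    """
    findings = []
    for keyword, value in parse_directives(text):
        if keyword not in WATCHED:
            continue
        mode, names = split_algorithm_list(value)
        ecdsa = [n for n in names if is_ecdsa(n)]
        if ecdsa:
            findings.append((keyword, mode, ecdsa))
    return findings


# Constructed sample: the admin intended to allow only P-256 ECDSA and Ed25519.
SAMPLE_RESTRICTED = """\
Port 22
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ssh-ed25519
HostbasedAcceptedAlgorithms=ssh-ed25519
"""

# Constructed sample: no ECDSA names, so the advisory's precondition is absent.
SAMPLE_CLEAN = """\
PubkeyAcceptedAlgorithms ssh-ed25519,rsa-sha2-512
"""


if __name__ == "__main__":
    # Usage: python audit.py /etc/ssh/sshd_config   (or pipe in 'sshd -T' output)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESTRICTED
    for keyword, mode, names in find_ecdsa_restrictions(text):
        print(f"{keyword}: lists ECDSA {names} (prefix {mode or 'none'}); "
              "review after applying the vendor update")
```

Feed the script the output of `sshd -T` when Match blocks or Include files make the effective directive hard to read from the file. The check is deliberately syntactic: it locates directives that meet the stated precondition so they can be reviewed, and it does not decide whether a particular OpenSSH build is affected, since the advisory lists no version range.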


How to mitigate CVE-2026-35387

Install the security update from the vendor's website.

Sources