CVE-2026-35388 LOW

CVE-2026-35388

Vendor Openbsd
Product OpenSSH
Weakness CWE-420
Published April 2, 2026
Last update April 2, 2026

CVSS base score

2.5/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Key dates

02Disclosure timeline

April 2, 2026 CVE published
April 2, 2026 Record updated