CVE-2026-35388 - Low Severity Vulnerability
Vulnerable Library - srcvendor/mport/2.7.6
Library home page: https://github.com/MidnightBSD/src.git
Found in base branch: stable/4.0
Vulnerable Source Files (1)
/crypto/openssh/mux.c
Vulnerability Details
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
Publish Date: 2026-04-02
URL: CVE-2026-35388
CVSS 3 Score Details (2.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-04-02
Fix Resolution: https://github.com/openssh/openssh-portable.git - V_10_3_P1
Step up your Open Source Security Game with Mend here
CVE-2026-35388 - Low Severity Vulnerability
Library home page: https://github.com/MidnightBSD/src.git
Found in base branch: stable/4.0
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.
Publish Date: 2026-04-02
URL: CVE-2026-35388
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2026-04-02
Fix Resolution: https://github.com/openssh/openssh-portable.git - V_10_3_P1
Step up your Open Source Security Game with Mend here