Known Vulnerabilities for OpenSSH by OpenBSD
Listed below are 10 of the newest known vulnerabilities associated with "OpenSSH" by "OpenBSD".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in con... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or Hostba... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requir... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expect... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-0964 | A malicious SCP server can send unexpected paths that could make the client application override local files outside of worki... | Not Provided | 2026-03-26 | 2026-03-26 |
| CVE-2021-41617 | sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation bec... | 7 - HIGH | 2021-09-26 | 2023-12-26 |
| CVE-2021-36368 | ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwa... | 3.7 - LOW | 2022-03-13 | 2023-11-07 |
| CVE-2021-28041 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained ... | 7.1 - HIGH | 2021-03-05 | 2023-11-07 |
| CVE-2020-15778 | ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backt... | 7.8 - HIGH | 2020-07-24 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openbsd | Openssh | 8.4 | - | All | All |
| Application | Openbsd | Openssh | 8.4 | p1 | All | All |
| Application | Openbsd | Openssh | 8.3 | All | All | All |
| Application | Openbsd | Openssh | 8.3 | - | All | All |
| Application | Openbsd | Openssh | 8.3 | p1 | All | All |
| Application | Openbsd | Openssh | 8.2 | All | All | All |
| Application | Openbsd | Openssh | 8.1 | - | All | All |
| Application | Openbsd | Openssh | 8.1 | p1 | All | All |
| Application | Openbsd | Openssh | 8.0 | - | All | All |
| Application | Openbsd | Openssh | 8.0 | p1 | All | All |
| Application | Openbsd | Openssh | 7.9 | - | All | All |
| Application | Openbsd | Openssh | 7.9 | p1 | All | All |
| Application | Openbsd | Openssh | 7.8 | - | All | All |
| Application | Openbsd | Openssh | 7.8 | p1 | All | All |
| Application | Openbsd | Openssh | 7.7 | - | All | All |
| Application | Openbsd | Openssh | 7.7 | p1 | All | All |
| Application | Openbsd | Openssh | 7.6 | - | All | All |
| Application | Openbsd | Openssh | 7.6 | p1 | All | All |
| Application | Openbsd | Openssh | 7.5 | All | All | All |
| Application | Openbsd | Openssh | 7.5 | - | All | All |