Vulnerability Details CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.7%
CVSS Severity
CVSS v3 Score 3.6