Vulnerability Details CVE-2026-35387
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 3.1