Cyber Resilience

CVE-2026-35388

Low

Published: 02 April 2026

Published
02 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score 0.0013 2.9th percentile
Risk Priority 15 floored blend · peak EPSS

Summary

CVE-2026-35388 is a low-severity Unprotected Alternate Channel (CWE-420) vulnerability in Openbsd Openssh. Its CVSS base score is 2.5 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique SSH (T1021.004); ranked at the 2.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1021.004 SSH Lateral Movement
Adversaries may use [Valid Accounts](https://attack.
T1563.001 SSH Hijacking Lateral Movement
Adversaries may hijack a legitimate user's SSH session to move laterally within an environment.
Why these techniques?

Omission of multiplexing confirmation in proxy mode directly facilitates unauthorized SSH session attachment or hijacking via OpenSSH multiplexing channels.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

openbsd
openssh
≤ 10.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-420

Usage restrictions and authorization for remote access protect against unprotected alternate channels.

addresses: CWE-420

TSCM surveys detect and neutralize unprotected alternate channels introduced by surveillance equipment or modifications.

addresses: CWE-420

Removes or disables unprotected alternate I/O channels that could otherwise be used to bypass primary controls.

References