Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0946

NIXPKGS-2026-0946
published on
Permalink CVE-2026-35386
3.6 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 16 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 4 days, 8 hours ago
  • @LeSuisse ignored reference https://m… 1 day, 16 hours ago
  • @LeSuisse removed package opensshTest 1 day, 16 hours ago
  • @LeSuisse removed package openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package perlPackages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl5Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package lxqt.lxqt-openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package perl538Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl540Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse accepted 1 day, 16 hours ago
  • @LeSuisse published on GitHub 1 day, 16 hours ago
In OpenSSH before 10.3, command execution can occur via shell …

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.

Affected products

OpenSSH
  • <10.3

Matching in nixpkgs

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

Ignored packages (7)

Package maintainers