Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0947

NIXPKGS-2026-0947
published on
Permalink CVE-2026-35388
2.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 16 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 4 days, 8 hours ago
  • @LeSuisse ignored reference https://m… 1 day, 16 hours ago
  • @LeSuisse removed package opensshTest 1 day, 16 hours ago
  • @LeSuisse removed package openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package perlPackages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl5Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package lxqt.lxqt-openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package perl538Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl540Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse accepted 1 day, 16 hours ago
  • @LeSuisse published on GitHub 1 day, 16 hours ago
OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing …

OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.

Affected products

OpenSSH
  • <10.3

Matching in nixpkgs

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

Ignored packages (7)

Package maintainers