Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0949

NIXPKGS-2026-0949
published on
Permalink CVE-2026-35387
3.1 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 16 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 4 days, 8 hours ago
  • @LeSuisse removed package openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package opensshWithKerberos 1 day, 16 hours ago
  • @LeSuisse removed package perlPackages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl5Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package lxqt.lxqt-openssh-askpass 1 day, 16 hours ago
  • @LeSuisse removed package perl538Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse removed package perl540Packages.NetOpenSSH 1 day, 16 hours ago
  • @LeSuisse ignored reference https://m… 1 day, 16 hours ago
  • @LeSuisse removed package openssh_gssapi 1 day, 16 hours ago
  • @LeSuisse accepted 1 day, 16 hours ago
  • @LeSuisse published on GitHub 1 day, 16 hours ago
OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of …

OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.

Affected products

OpenSSH
  • <10.3

Matching in nixpkgs

pkgs.openssh_hpn

Implementation of the SSH protocol with high performance networking patches

Ignored packages (8)

Package maintainers