{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T20:09:32.616","vulnerabilities":[{"cve":{"id":"CVE-2026-35386","sourceIdentifier":"cve@mitre.org","published":"2026-04-02T17:16:27.623","lastModified":"2026-04-03T16:10:23.730","vulnStatus":"Undergoing Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":3.6,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":2.5}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-696"}]}],"references":[{"url":"https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2","source":"cve@mitre.org"},{"url":"https://www.openssh.org/releasenotes.html#10.3p1","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/04/02/3","source":"cve@mitre.org"}]}}]}