2 matches found
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...
CVE-2026-35386
OpenSSH CVE-2026-35386 affects OpenSSH before 10.3. The vulnerability allows potential command execution via shell metacharacters in a username supplied on the command line, requiring an untrusted username and a non-default ssh_config with a % in use. Connected advisories (OpenSSH