3 matches found
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
A flaw was found in OpenSSH. This vulnerability allows a remote attacker to achieve arbitrary command execution by injecting shell metacharacters into a username provided on the command line. Exploitation requires an untrusted username and a non-default configuration of the '%' character in...
CVE-2026-35386
OpenSSH CVE-2026-35386 affects OpenSSH before 10.3. The vulnerability allows potential command execution via shell metacharacters in a username supplied on the command line, requiring an untrusted username and a non-default ssh_config with a % in use. Connected advisories (OpenSSH
CVE-2026-35386
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...