OpenSSH vulnerabilities flagged (CVE-2026-35386, CVE-2026-35385, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414)

search cancel

OpenSSH vulnerabilities flagged (CVE-2026-35386, CVE-2026-35385, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414)

book

Article ID: 439026

calendar_today

Updated On:

Products

VMware vCenter Server VMware SDDC Manager / VCF Installer

Issue/Introduction

Security scans are flagging OpenSSH vulnerabilities, specifically CVE-2026-35386, CVE-2026-35385, CVE-2026-35387, CVE-2026-35388, and CVE-2026-35414.

Environment

VMware vSphere 8.0.3
SDDC Manager 5.2.2
VCF 9
Site Recovery Manager 8.x
VMware Live Site Recovery 9.x
VMware Live Recovery 9.x
vSphere Replication 9.x
VCF Protection and Recovery 9.1

Cause

Vulnerability scanners have identified potential OpenSSH CVEs within the environment.

Resolution

VMware By Broadcom is aware of CVE-2026-35386, CVE-2026-35385, CVE-2026-35387, CVE-2026-35388, and CVE-2026-35414.

Best practices recommend keeping SSH disabled when it is not needed for active troubleshooting. Refer to the release notes for existing and forthcoming product releases for any updates in relation to these CVEs.

If you require further information, contact Broadcom Support.

Feedback

thumb_up Yes

thumb_down No