OpenSSH flaw not detected

Scan detects OpenSSH on Debian target.

But the CPE is wrong and no vulnerability is detected:

Wrong CPE: cpe:/a:openbsd:openssh:9.2p1

Correct CPE: cpe:/a:openbsd:openssh:9.2:p1

CVE-2026-35414 is known by OpenVAS and linked to
cpe:/a:openbsd:openssh:9.2:- and cpe:/a:openbsd:openssh:9.2:p1

could be linked to:

Best regards

This is indeed the same as the linked thread with an explanation here:

and the following suggestion which is still valid these days:

As this is not a NASL / VT side problem, I have moved this to a better fitting category instead.

Just out of curiosity: are all OpenVAS / Debian users affected, and not only our system?

I guess it depends how the data is getting consumed. But I would say that all consumers of the NVD API data are affected, independent of the underlying technology, because e.g. 9.2p1 is NOT an update / patch to 9.2 but just a different variant of the version / release line of that product.

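The mismatch discussed in this thread, as an added example that is not part of any post and is not Greenbone/OpenVAS code: it parses the CPE 2.2 URIs quoted above into their fields and flags the case where a detected version string equals a listed entry's version and update fields glued together. The function names are hypothetical, and `exact_match` is a simplified strict comparison assumed for illustration, not the scanner's actual matching logic.

```python
# Added illustration: simplified CPE 2.2 URI handling, not Greenbone/OpenVAS code.
from urllib.parse import unquote

FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")

def parse_cpe22(uri):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version:update:...) into named fields."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    parts = [unquote(p) for p in uri[len("cpe:/"):].split(":")]
    parts += [""] * (len(FIELDS) - len(parts))   # trailing fields may be omitted
    return dict(zip(FIELDS, parts))

def exact_match(detected, listed):
    """Strict comparison of product identity plus version and update (assumed matcher)."""
    keys = ("part", "vendor", "product", "version", "update")
    return all(detected[k] == listed[k] for k in keys)

def split_near_miss(detected, listed):
    """True when detected version == listed version + update, e.g. '9.2p1' vs '9.2' / 'p1'."""
    if any(detected[k] != listed[k] for k in ("part", "vendor", "product")):
        return False
    update = "" if listed["update"] == "-" else listed["update"]   # '-' means "no update"
    return (not exact_match(detected, listed)
            and detected["update"] == ""
            and update != ""
            and detected["version"] == listed["version"] + update)

def triage(detected_uri, listed_uris):
    """Classify each CVE-linked CPE relative to the CPE the scan reported."""
    detected = parse_cpe22(detected_uri)
    result = {}
    for uri in listed_uris:
        listed = parse_cpe22(uri)
        if exact_match(detected, listed):
            result[uri] = "match"
        elif split_near_miss(detected, listed):
            result[uri] = "near-miss: version/update split differs"
        else:
            result[uri] = "no match"
    return result

# CPE strings quoted in the thread (scan result and the CPEs linked to CVE-2026-35414)
DETECTED = "cpe:/a:openbsd:openssh:9.2p1"
CVE_CPES = ["cpe:/a:openbsd:openssh:9.2:-", "cpe:/a:openbsd:openssh:9.2:p1"]

if __name__ == "__main__":
    for uri, verdict in triage(DETECTED, CVE_CPES).items():
        print(uri, "->", verdict)
```

A near-miss verdict is a prompt for manual review of the host's OpenSSH package version against the advisory, since no listed CPE matches the detected string exactly.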