CVE-2026-35414

Medium CVSS: 4.2

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Vendor

Openbsd

Product

Openssh

CWE

CWE-670

Yayın Tarihi

2026-04-02 18:16:34

Güncelleme

2026-04-03 19:39:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-670 Openssh MEDIUM Openbsd 2026

Referanslar

https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 https://www.openssh.org/releasenotes.html#10.3p1 https://www.openwall.com/lists/oss-security/2026/04/02/3

Benzer Kayıtlar

Medium

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it dis…

High

CVE-2025-30334

In OpenBSD 7.6 before errata 006 and OpenBSD 7.5 before errata 015, traffic sent over wg(4) could result in kernel crash…

Medium

CVE-2025-26466

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a m…

Medium

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be…