CVE-2026-35414
EUVD-2026-1848002.04.2026, 18:16
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 < 10.3 |
𝑥
= Vulnerable software versions
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssh |
| ||||||||||||||||
| openssh-askpass |
| ||||||||||||||||
| openssh-cavs |
| ||||||||||||||||
| openssh-clients |
| ||||||||||||||||
| openssh-keycat |
| ||||||||||||||||
| openssh-ldap |
| ||||||||||||||||
| openssh-server |
| ||||||||||||||||
| pam |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| openssh |
| ||||
| openssh-askpass |
| ||||
| openssh-cavs |
| ||||
| openssh-clients |
| ||||
| openssh-clients-debuginfo |
| ||||
| openssh-debuginfo |
| ||||
| openssh-debugsource |
| ||||
| openssh-keycat |
| ||||
| openssh-keycat-debuginfo |
| ||||
| openssh-ldap |
| ||||
| openssh-server |
| ||||
| openssh-server-debuginfo |
| ||||
| openssh-server-sysvinit |
| ||||
| pam_ssh_agent_auth |
| ||||
| pam_ssh_agent_auth-debuginfo |
|
Common Weakness Enumeration