8.1

CVE-2026-35414

Medienbericht
OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version < 10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.072
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org 4.2 1.6 2.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
04.05.2026 17:53
https://www.openssh.org/releasenotes.html#10.3p1
Release Notes
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
Third Party Advisory
Mailing List
https://www.openwall.com/lists/oss-security/2026/04/02/3
Third Party Advisory