CVE-2026-35414: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Affected Products

Vendor	Product	Versions
openssh	openssh	0, < 10.3

References

Related News (3 articles)

Tier C

oss-security4h ago

Re: Announce: OpenSSH 10.3 released

→ No new info (linked only)

Tier C

oss-security5h ago

Re: Announce: OpenSSH 10.3 released

→ No new info (linked only)

Tier C

VulDB19h ago

CVE-2026-35414 | OpenSSH up to 10.2 Certificate authorized_keys control flow

→ No new info (linked only)

CVE-2026-35414: OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i

Description

Affected Products

References

Related News (3 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History