vulnerability

OpenSSH Vulnerability: CVE-2026-35414

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	Apr 17, 2026	Apr 17, 2026	Apr 17, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

Apr 17, 2026

Added

Apr 17, 2026

Modified

Apr 17, 2026

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Solution

openbsd-openssh-upgrade-10_3

References

CVE-2026-35414
https://attackerkb.com/topics/CVE-2026-35414
CWE-670
EUVD-EUVD-2026-18480
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-18480

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report