OpenSSH versions released over the past 15 years are vulnerable to CVE-2026-35414, which mishandles comma characters in certificate principals and can lead to full root access. The flaw bypasses log-based detection because the server treats the authentication as legitimate. It was fixed in OpenSSH 10.3; organizations should audit and upgrade immediately. #OpenSSH #CVE-2026-35414
Keypoints
- CVE-2026-35414 allows OpenSSH access control bypass by misinterpreting commas in certificate principals.
- A valid certificate from a trusted CA containing a principal like "deploy,root" can grant full root authentication.
- The root cause is inconsistent parsing: one function splits comma-separated lists while another treats the principal as a single string.
- Successful exploitation does not register authentication failures in logs, making log-based detection unreliable.
- The vulnerability was fixed in OpenSSH 10.3; organizations should audit affected systems and update immediately.
Read More: https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/
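The parsing mismatch behind the bug, and the audit a practitioner would run in response, as an added example. This is illustration code written for this summary, not OpenSSH source or anything from the linked article; the function names are assumptions, and the ssh-keygen listing it parses is constructed sample text. It models the two code paths (one splitting a comma-separated list, the other comparing the principal as a single opaque string) with the "deploy,root" principal from the keypoints, adds a CA-side guard that refuses to sign such a principal, and extracts the Principals block from `ssh-keygen -L` output so issued certificates can be checked for commas rather than waiting for a login failure that the article says never gets logged.

```python
"""Model of a comma-in-principal parsing mismatch plus a certificate audit helper.

Example code for this summary, not OpenSSH source. Function names are
assumptions; the sample ssh-keygen listing below is constructed.
"""
from __future__ import annotations


def split_list(value: str) -> list[str]:
    """List-style matcher: a comma-separated string becomes a list of entries."""
    return [item.strip() for item in value.split(",") if item.strip()]


def match_listwise(cert_principals: list[str], allowed: list[str]) -> str | None:
    """Modelled buggy path: every certificate principal is pushed through the
    list splitter before comparison, so "deploy,root" becomes ["deploy", "root"]
    and matches an allowed principal "root"."""
    for principal in cert_principals:
        for entry in split_list(principal):
            if entry in allowed:
                return entry
    return None


def match_opaque(cert_principals: list[str], allowed: list[str]) -> str | None:
    """Consistent path: a principal is one opaque string and must match whole."""
    for principal in cert_principals:
        if principal in allowed:
            return principal
    return None


def validate_for_issuance(principal: str) -> str:
    """CA-side guard (assumed policy): refuse to sign a certificate whose
    principal carries a list separator, so an ambiguous principal never
    reaches a server, whatever that server's parser does with it."""
    if not principal or "," in principal or principal != principal.strip():
        raise ValueError(f"refusing to issue ambiguous principal {principal!r}")
    return principal


# Constructed sample of `ssh-keygen -L -f deploy-cert.pub` output; the
# fingerprints are placeholders, not captured from a real host.
SAMPLE_SSH_KEYGEN_L = """\
deploy-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com user certificate
        Public key: ED25519-CERT SHA256:0000000000000000000000000000000000000000000
        Signing CA: ED25519 SHA256:1111111111111111111111111111111111111111111 (using ssh-ed25519)
        Key ID: "deploy"
        Serial: 42
        Valid: forever
        Principals:
                deploy
                deploy,root
        Critical Options: (none)
        Extensions:
                permit-pty
"""


def principals_from_listing(listing: str) -> list[str]:
    """Extract the Principals block from `ssh-keygen -L` output: the lines
    after the "Principals:" label that are indented deeper than the label.
    A "Principals: (none)" certificate yields an empty list."""
    out: list[str] = []
    label_indent: int | None = None
    for line in listing.splitlines():
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if label_indent is None:
            if stripped.startswith("Principals:"):
                label_indent = indent
            continue
        # The next field label sits at the label's own indentation; stop there.
        if not stripped or indent <= label_indent:
            break
        out.append(stripped.rstrip())
    return out


def audit_listing(listing: str) -> list[str]:
    """Return principals in a certificate listing that contain a comma.
    Any hit is a certificate to revoke and a CA pipeline to fix."""
    return [p for p in principals_from_listing(listing) if "," in p]


if __name__ == "__main__":
    allowed = ["root"]
    print("listwise match:", match_listwise(["deploy,root"], allowed))
    print("opaque match:  ", match_opaque(["deploy,root"], allowed))
    print("suspect:       ", audit_listing(SAMPLE_SSH_KEYGEN_L))
```

Run it against real certificates by feeding `ssh-keygen -L -f <cert>` output to `audit_listing`; a comma in any principal is the artifact to hunt across every certificate your CA has issued, since the server side leaves no failure to alert on.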