OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on SecurityWeek.
AI Analysis
Technical Summary
CVE-2026-35414 is a vulnerability in OpenSSH certificate authentication that, per the SecurityWeek report, had been present in releases for about 15 years. It stems from a code reuse error: a routine that handles comma-separated lists was also applied to the principals carried inside an SSH certificate, so a single principal that contains a comma is split into several names. A certificate whose principal is the one string 'deploy,root' is therefore treated as if it named both 'deploy' and 'root', and the server accepts it for a root login. An attacker holding such a certificate, issued by a CA the server trusts, can bypass the intended per-user access control and obtain a full root shell. Because the server sees a valid certificate and a successful login, no authentication failure is logged, which complicates incident identification. The issue was fixed in OpenSSH 10.3, released in early April 2026.
Potential Impact
Successful exploitation yields a full root shell on a vulnerable OpenSSH server, and potentially on every server in the organization that runs an affected version and trusts the same CA. The bypass completes as a normal, successful certificate login and produces no authentication failure entries, so standard failed-login monitoring will not flag it. This raises the risk of undetected privilege escalation and fleet-wide compromise.
Mitigation Recommendations
The fix ships in OpenSSH 10.3, released in early April 2026; the vendor advisory confirms the patch. Inventory OpenSSH versions across the estate (for example with `ssh -V` on each host) and upgrade to 10.3 or later as soon as possible. The article indicates no alternative mitigation. Since the trigger is a comma inside a certificate principal, operators of an SSH CA can still check what has been issued: `ssh-keygen -L -f <cert-file>` prints a certificate's Principals field, and any principal containing a comma should be treated as suspect and the certificate revoked.
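The comma-splitting behaviour described in the Technical Summary, and the audit of issued certificates suggested under Mitigation Recommendations, as an added example written for this page rather than code from OpenSSH or from the SecurityWeek article. It parses the principals field straight out of an OpenSSH certificate line (the same data `ssh-keygen -L` prints), flags any principal that contains a comma, and models the flawed versus the correct authorization decision. The certificate it parses is constructed inside the block with dummy keys; `vulnerable_authorizes` is a simplified model of the behaviour the article describes, not OpenSSH's actual matching code, and `build_demo_cert`, `deploy-bot` and the other names are assumptions.

```python
"""Model of CVE-2026-35414 principal handling plus an audit helper for
OpenSSH certificates. Added example; not OpenSSH's code."""
import base64
import struct

# Key-specific fields between the nonce and the serial, per cert type
# (RSA: e, n; ECDSA: curve name, point; Ed25519: public key).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp384-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp521-cert-v01@openssh.com": 2,
    "ssh-ed25519-cert-v01@openssh.com": 1,
}


def _read_string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    return buf[off:off + n], off + n


def cert_principals(cert_line):
    """Return (key_id, principals) from an OpenSSH '*-cert.pub' line.

    Only the fields up to valid_principals are walked; the rest of the
    certificate (validity window, options, CA key, signature) is ignored.
    """
    fields = cert_line.split()
    blob = base64.b64decode(fields[1])
    ctype, off = _read_string(blob, 0)
    ctype = ctype.decode()
    if ctype != fields[0] or ctype not in KEY_FIELDS:
        raise ValueError(f"unsupported certificate type {ctype!r}")
    _nonce, off = _read_string(blob, off)
    for _ in range(KEY_FIELDS[ctype]):
        _, off = _read_string(blob, off)
    off += 8                       # serial (uint64)
    off += 4                       # type (uint32): 1 = user, 2 = host
    key_id, off = _read_string(blob, off)
    packed, off = _read_string(blob, off)
    principals, p = [], 0
    while p < len(packed):         # principals are a nested list of strings
        name, p = _read_string(packed, p)
        principals.append(name.decode())
    return key_id.decode(), principals


def suspicious_principals(principals):
    """Principals that the flawed list handling would split on ','."""
    return [p for p in principals if "," in p]


def vulnerable_authorizes(principals, login_user):
    """Model of the flaw: each principal is split on ',' before matching."""
    names = {n for p in principals for n in p.split(",")}
    return login_user in names


def strict_authorizes(principals, login_user):
    """Correct behaviour: a principal must equal the login name exactly."""
    return login_user in set(principals)


def _string(b):
    return struct.pack(">I", len(b)) + b


def build_demo_cert(principals, key_id=b"deploy-bot"):
    """Constructed, unsigned Ed25519 user certificate line for testing the
    parser. Keys and signature are dummy bytes (hypothetical); it is not a
    real credential and no OpenSSH server would accept it."""
    ctype = b"ssh-ed25519-cert-v01@openssh.com"
    body = (
        _string(ctype)
        + _string(b"\x00" * 32)                       # nonce
        + _string(b"\x11" * 32)                       # subject Ed25519 key
        + struct.pack(">Q", 1)                        # serial
        + struct.pack(">I", 1)                        # user certificate
        + _string(key_id)
        + _string(b"".join(_string(p.encode()) for p in principals))
        + struct.pack(">Q", 0)                        # valid after
        + struct.pack(">Q", 2**64 - 1)                # valid before
        + _string(b"") + _string(b"") + _string(b"")  # crit opts, exts, reserved
        + _string(_string(b"ssh-ed25519") + _string(b"\x22" * 32))  # CA key
        + _string(_string(b"ssh-ed25519") + _string(b"\x33" * 64))  # signature
    )
    return ctype.decode() + " " + base64.b64encode(body).decode() + " demo"


if __name__ == "__main__":
    line = build_demo_cert(["deploy,root"])
    key_id, principals = cert_principals(line)
    print(key_id, principals, "suspect:", suspicious_principals(principals))
    print("flawed check accepts root:", vulnerable_authorizes(principals, "root"))
    print("strict check accepts root:", strict_authorizes(principals, "root"))
```

To audit real certificates, feed `cert_principals` each line of a `*-cert.pub` file exported from your CA's issuance log; `suspicious_principals` then lists the certificates that would have slipped through an unpatched sshd, which is the set to revoke before and after upgrading to 10.3.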
Technical Details
Article source: https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/ (fetched 2026-04-27 12:30 UTC, 1,034 words)
Threat ID: 69ef56cdba26a39fba231582
Added to database: 4/27/2026, 12:30:05 PM
Last enriched: 4/27/2026, 12:30:13 PM
Last updated: 6/12/2026, 6:33:55 AM