Critical OpenSSH Vulnerability Allows Root Access Exploitation
Severity: High (Score: 74.0)
Sources: Ccb.Belgium.Be, nvd.nist.gov, Cisecurity, www.securityweek.com
Summary
A significant vulnerability (CVE-2026-35414) in OpenSSH has been identified, allowing attackers to bypass authentication and gain root access to affected servers. This flaw affects OpenSSH versions prior to 10.3 and has been present for nearly 15 years. Exploitation involves manipulating the authorized_keys principals option using a Certificate Authority that improperly handles comma characters. Successful exploitation can lead to unauthorized command execution, data theft, and system tampering without leaving traces in logs. Organizations are urged to update to OpenSSH 10.3 or later immediately. The Centre for Cybersecurity Belgium has emphasized the urgency of patching vulnerable systems and enhancing monitoring capabilities. As of now, there are no reports of active exploitation of this vulnerability.
Key Points
- CVE-2026-35414 allows root access via OpenSSH versions before 10.3.
- The vulnerability has existed for nearly 15 years, affecting many systems.
- Immediate patching and enhanced monitoring are critical to mitigate risks.
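To scope patching, the following added example (not code from OpenSSH or from the cited sources) inventories authorized_keys entries that combine `cert-authority` with a `principals=` option and flags version banners that report a release before 10.3. The function names, the sample file content and the banners used to exercise it are constructed for illustration.

```python
import re

FIXED = (10, 3)  # the page names OpenSSH 10.3 as the first fixed release
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")

def is_prior_to_fix(banner):
    """True if an `ssh -V` style banner reports a version before 10.3."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return bool(m) and (int(m.group(1)), int(m.group(2))) < FIXED

def leading_options(line):
    """Options of one authorized_keys line, split on commas outside double quotes."""
    if KEY_TYPE.match(line):
        return []  # line starts with the key type, so it carries no options
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and ch in " \t":
            break  # first unquoted whitespace ends the options field
        if not quoted and ch == ",":
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return opts + [cur] if cur else opts

def audit(text, path="<constructed>"):
    """List (path, line number, principals) for cert-authority entries with principals=."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = leading_options(line)
        if "cert-authority" not in [o.lower() for o in opts]:
            continue
        for o in opts:
            key, _, val = o.partition("=")
            if key.lower() == "principals":
                findings.append((path, n, val.strip('"').split(",")))
    return findings

# Constructed sample input, not taken from any real host.
SAMPLE = """\
# constructed sample authorized_keys content
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexample alice@laptop
cert-authority,principals="root,ops-admin" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexampleCA corp-ca
command="echo hi, there",no-pty ssh-rsa AAAAB3NzaC1yc2Eexample backup
cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexampleCA2 other-ca
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Distribution packages can carry backported fixes without changing the upstream version number, so treat the banner check as a first pass and confirm against the vendor's advisory.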
Key Entities
- Data Breach (attack_type)
- Belgium (country)
- CVE-2026-35414 (cve)
- CWE-287 - Improper Authentication (cwe)
- T1021 - Remote Services (mitre_attack)
- T1059 - Command and Scripting Interpreter (mitre_attack)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- OpenSSH (platform)
- OpenSSH Root Access Vulnerability (vulnerability)