OpenSSH 10.3 Addresses Critical Shell Injection and Security Issues

OpenSSH 10.3 Addresses Critical Shell Injection and Security Issues

First seen 3 Apr 2026, 07:15 UTC Feeds2.FeedburnerCybersecuritynewsGbhackers 77% similarity 72.0

Article Content

Browse articles
ThreatCluster

OpenSSH released version 10.3 and its portable version 10.3p1 on April 2, 2026, which includes critical security fixes for multiple vulnerabilities, notably a shell injection flaw affecting the -J (ProxyJump) option. This vulnerability could allow attackers to execute arbitrary commands on the system. The update also removes legacy rekeying support, which may impact interoperability with older SSH implementations. System administrators are urged to review the changes and apply the update promptly to mitigate risks. The release follows a testing phase that began in late March 2026. OpenSSH is widely used, making this update essential for many organizations. The project has not specified any CVEs in the articles, but the shell injection flaw is highlighted as particularly dangerous. Users of non-standard or legacy SSH software should verify compatibility before upgrading.

Key Points: • OpenSSH 10.3 fixes a critical shell injection vulnerability in the -J option. • Legacy rekeying support has been removed, affecting older SSH implementations. • System administrators are urged to upgrade to mitigate potential exploitation risks.

ThreatCluster AI

Timeline

2026-03-01
Testing phase for OpenSSH 10.3 begins
2026-04-02
OpenSSH 10.3 and 10.3p1 released with security fixes
Recent
System administrators advised to upgrade promptly

Community

Browse all →