OpenSSH 10.3 Addresses Critical Shell Injection and Security Issues
Severity: High (Score: 72.0)
Sources: Cybersecuritynews, Gbhackers, Feeds2.Feedburner
Summary
OpenSSH released version 10.3 and its portable version 10.3p1 on April 2, 2026. The release includes critical security fixes for multiple vulnerabilities, notably a shell injection flaw affecting the -J (ProxyJump) option, which could allow attackers to execute arbitrary commands on the system. The update also removes legacy rekeying support, which may impact interoperability with older SSH implementations. System administrators are urged to review the changes and apply the update promptly to mitigate risks. The release follows a testing phase that began in late March 2026. OpenSSH is widely used, making this update essential for many organizations. The articles do not specify any CVEs, but the shell injection flaw is highlighted as particularly dangerous. Users of non-standard or legacy SSH software should verify compatibility before upgrading.
Key Points
- OpenSSH 10.3 fixes a critical shell injection vulnerability in the -J option.
- Legacy rekeying support has been removed, affecting older SSH implementations.
- System administrators are urged to upgrade to mitigate potential exploitation risks.
Key Entities
- OpenSSH (platform)