OpenSSH Flaw

Jon Snow · Apr 28, 2026

Is this something we should be worried about @eva2000 #centminmod

https://www.reddit.com/r/pwnhub/comments/1sxk1dh/openssh_flaw_allows_full_root_access_for_15_years/
Code (Text):
ssh -V
OpenSSH_8.7p1, OpenSSL 3.5.1 1 Jul 2025
Code (Text):
grep -i LoginGraceTime /etc/ssh/sshd_config
#LoginGraceTime 2m

eva2000 · Apr 29, 2026

cve-details

Redhat and thus CentOS/AlmaLinux/Rocky Linux. So affected but risk is low as user needs to opt in to the feature impacted and Centmin Mod doesn't opt-in for this anyway.

Statement
The risk posed by this flaw to Red Hat products is limited. The use of SSH certificates is not enabled by default and requires that users opt-in to the feature. Further, when following documented guidance ssh connections should only be permitted to non-root users which will limit the impact of this flaw.

Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional information

Bugzilla 2454490: OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option

CWE-168: Improper Handling of Inconsistent Special Elements

External references

https://www.cve.org/CVERecord?id=CVE-2026-35414

NVD - CVE-2026-35414

'Announce: OpenSSH 10.3 released' - MARC

OpenSSH: Release Notes

oss-security - Announce: OpenSSH 10.3 released

Affected Packages and Issued Red Hat Security Errata
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Click to expand...

Log in / Register

Forums

Want to subscribe to topics you're interested in?

OpenSSH Flaw

Jon Snow Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

OpenSSH Flaw

Jon Snow Active Member

eva2000 Administrator Staff Member

.