CVE-2026-35414

ADVISORY - nist

Summary

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

EPSS Score⁠: 0.00016 (0.036)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-670⁠

Always-Incorrect Control Flow Implementation

ADVISORY - redhat

CWE-168⁠

Improper Handling of Inconsistent Special Elements

Impacted images

Advisories

NIST

CREATED

5 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-35414⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-670⁠

CVSS SCORE

4.2medium

Alpine

CREATED

4 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-35414⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

5 days ago

UPDATED

9 hours ago

ADVISORY IDCVE-2026-35414⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

5 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-35414⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.4medium

Red Hat

CREATED

6 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-35414⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-168⁠

CVSS SCORE

4.8medium