Warning: OpenSSH Root Access Vulnerability (CVE-2026-35414), Patch Immediately!

  • Published: 29/04/2026
  • Last update:  29/04/2026
  • Affected software: OpenSSH before 10.3
  • Type: Authentication bypass
  • CVE/CVSS: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risks

OpenSSH is used for remotely managing servers, making it a prime target for attackers. A vulnerability discovered in OpenSSH has been present in nearly all versions released over the past 15 years.

A successful attack grants an intruder root (administrator) access to affected servers, meaning they could execute commands, steal sensitive data, tamper with systems, or cause significant downtime disrupting business operations. Updating OpenSSH to version 10.3 or later should be treated as a priority.

Description

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios that involve a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. This condition only applies to user-trusted CA keys in authorized_keys; the main certificate authentication path is not affected.

It is worth noting that an attack will not leave traces in the logs. Since log-based detection is ineffective here, deploy host-based intrusion detection and file integrity monitoring to catch signs of compromise.

OpenSSH has not reported any active exploitation of this vulnerability.
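As an added example (not part of the CCB advisory, and not OpenSSH project code), the POSIX shell script below inventories the two exposure conditions the description names: an OpenSSH version below 10.3, read from the `ssh -V` banner, and authorized_keys entries that combine a `cert-authority` option with a `principals=` list. The sample authorized_keys content is constructed and contains no real keys, and the function names are the script's own; a match only means the entry belongs to the configuration class the advisory concerns and should be reviewed, not that it is exploitable.

```shell
#!/bin/sh
# Added example, not from the CCB advisory or the OpenSSH project.
# Inventories the two conditions the advisory names for CVE-2026-35414:
#   1. an OpenSSH release older than 10.3
#   2. authorized_keys entries that pair cert-authority with principals=

# Return 0 if the given `ssh -V` banner denotes OpenSSH older than 10.3,
# 1 if it is 10.3 or newer, 2 if the banner cannot be parsed.
openssh_before_10_3() {
    banner="$1"
    # "OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024" -> "9 9"
    ver=$(printf '%s\n' "$banner" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -lt 10 ]; then return 0; fi
    if [ "$major" -eq 10 ] && [ "$minor" -lt 3 ]; then return 0; fi
    return 1
}

# Print the non-comment lines of an authorized_keys file that carry both
# the cert-authority option and a principals= list. This is a coarse
# textual filter for review, not a parser of the option grammar.
find_ca_principals_entries() {
    grep -v '^[[:space:]]*#' "$1" | grep 'cert-authority' | grep 'principals='
}

# Number of such entries in a file (printed as a plain integer).
count_ca_principals_entries() {
    find_ca_principals_entries "$1" | wc -l | tr -d ' '
}

# Constructed sample file: the key material is placeholder text, not real keys.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample authorized_keys for the example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleUserKeyNotReal alice@example
cert-authority,principals="ops,admin" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCAKeyNotReal ca@example
cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCA2KeyNotReal ca2@example
EOF

# Stand-alone run: report on the sample file and, if ssh is installed, on
# the local OpenSSH version. Guarded with if/else so a missing ssh binary
# does not abort the script under `set -e`.
echo "Entries to review in $SAMPLE:"
find_ca_principals_entries "$SAMPLE"
if command -v ssh >/dev/null 2>&1; then
    local_banner=$(ssh -V 2>&1)
    if openssh_before_10_3 "$local_banner"; then
        echo "Local OpenSSH ($local_banner) is older than 10.3: update to 10.3 or later."
    else
        echo "Local OpenSSH ($local_banner) is 10.3 or later, or the banner was not parseable."
    fi
fi
```

On a real host, point `find_ca_principals_entries` at each user's `~/.ssh/authorized_keys` (and any file named by `AuthorizedKeysFile` in sshd_config) to list the entries that need review before the update lands.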

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.