OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

📅 27 April 2026 at 12:29 UTC📰 Security WeekView original source ↗

A code reuse issue enabled comma characters in certificate principals to be interpreted as list separators. The post OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years appeared first on SecurityWeek.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A 15-year-old code reuse issue in OpenSSH allowed for full root shell access via comma characters in certificate principals, posing a significant threat to systems with vulnerable configurations.

⚙️Technical Details

Affected Systems

/usr/bin/ssh

Attack Vectors

certificate principal manipulation

💥Impact Assessment

Severity: critical

Who Is at Risk

systems with OpenSSH installed and vulnerable configurations

🛡️Recommended Actions

1Update OpenSSH to the latest version

2Verify certificate principals for potential comma character manipulation

3Restrict root shell access via configuration changes

📦Affected Products

/usr/bin/ssh

Read the full article

This is a curated summary. The complete article is available at Security Week.

Read on Security Week ↗

← Back to feed