SSH CVE-2026-35414 | EUVD-2026-18480

Severity: MEDIUM (CVSS 3.1 score 4.2)
Weakness: Always-Incorrect Control Flow Implementation (CWE-670)
2026-04-02 mitre
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline (4 events)

Patch available: Apr 16, 2026 - 05:29 (EUVD), 10.3
EUVD ID Assigned: Apr 02, 2026 - 17:30 (euvd), EUVD-2026-18480
Analysis Generated: Apr 02, 2026 - 17:30 (vuln.today)
CVE Published: Apr 02, 2026 - 17:08 (nvd), MEDIUM 4.2

Description (NVD)

OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.

Analysis (AI)

OpenSSH before version 10.3 mishandles the authorized_keys principals option when a principals list is combined with a Certificate Authority that uses certain comma character patterns, allowing authenticated local or remote users to disclose sensitive authorization information or manipulate authentication decisions. This vulnerability affects all OpenSSH versions prior to 10.3p1 and requires authenticated access (PR:L) with non-trivial attack complexity (AC:H), resulting in partial confidentiality and integrity impact. …
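
A defender's inventory check for the configuration the description names, as an added example that is not from the advisory or from OpenSSH: it lists authorized_keys entries that combine the cert-authority option with a principals= list, so hosts running OpenSSH before 10.3 can be reviewed first. The sample file content is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample authorized_keys content (key blobs are placeholders).
SAMPLE = '''\
# plain key, no options
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample1 alice@example
cert-authority,principals="deploy,backup" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample2 ca@example
cert-authority ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExample3 ca2@example
command="echo a,b",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExample4 bob@example
'''

# A line that starts with a key type carries no options field.
KEY_TYPE = re.compile(r'^(ssh-|ecdsa-|sk-)')

def options_of(line):
    """Return the option list of one authorized_keys line ([] if none)."""
    line = line.strip()
    if not line or line.startswith('#') or KEY_TYPE.match(line):
        return []
    opts, cur, quoted, prev = [], '', False, ''
    for c in line:
        if c == '"' and prev != '\\':
            quoted = not quoted
        if not quoted and c in ' \t':
            break                       # unquoted whitespace ends the options field
        if not quoted and c == ',':
            opts.append(cur)            # unquoted comma separates options
            cur = ''
        else:
            cur += c                    # commas inside quotes stay in the value
        prev = c
    opts.append(cur)
    return opts

def audit(text):
    """Return (line_no, principals) for entries using cert-authority with principals=."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        # Option keywords are case-insensitive, so compare lowercased names.
        names = {o.split('=', 1)[0].lower(): o for o in options_of(line)}
        if 'cert-authority' in names and 'principals' in names:
            value = names['principals'].split('=', 1)[1].strip('"')
            hits.append((n, value.split(',')))
    return hits

if __name__ == '__main__':
    for n, principals in audit(SAMPLE):
        print(f'line {n}: cert-authority with principals={principals}')
```

Run `ssh -V` on each host that reports a hit to see whether it is still on a release before 10.3.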
