Home / mailings [USN-8222-1] OpenSSH vulnerabilities
Posted on 29 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8222-1
April 29, 2026
openssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in OpenSSH.
Software Description:
- openssh: secure shell (SSH) for secure access to remote machines
Details:
Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly
handled the legacy scp protocol (-O) option. This could result in certain
files being installed setuid or setgid, contrary to expectations.
(CVE-2026-35385)
Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell
metacharacters in usernames within a command line. When untrusted usernames
and non-default configurations using % in ssh_config are being used, an
attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-35386)
Christos Papakonstantinou discovered that OpenSSH incorrectly handled
parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms
options. This could result in unintended ECDSA algorithms being used,
contrary to expectations. (CVE-2026-35387)
Michalis Vasileiadis discovered that OpenSSH incorrectly handled
proxy-mode multiplexing sessions. This could result in no confirmation
being asked, contrary to expectations. (CVE-2026-35388)
Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates
with the principal name containing a comma character when using user-trusted
CA keys in authorized_keys and an authorized_keys principals="" option
that lists more than one principal. This could result in inappropriate
principal matching, contrary to expectations. (CVE-2026-35414)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
openssh-client 1:10.2p1-2ubuntu3.2
openssh-server 1:10.2p1-2ubuntu3.2
Ubuntu 25.10
openssh-client 1:10.0p1-5ubuntu5.4
openssh-server 1:10.0p1-5ubuntu5.4
Ubuntu 24.04 LTS
openssh-client 1:9.6p1-3ubuntu13.16
openssh-server 1:9.6p1-3ubuntu13.16
Ubuntu 22.04 LTS
openssh-client 1:8.9p1-3ubuntu0.15
openssh-server 1:8.9p1-3ubuntu0.15
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8222-1
CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388,
CVE-2026-35414
Package Information:
https://launchpad.net/ubuntu/+source/openssh/1:10.2p1-2ubuntu3.2
https://launchpad.net/ubuntu/+source/openssh/1:10.0p1-5ubuntu5.4
https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.16
https://launchpad.net/ubuntu/+source/openssh/1:8.9p1-3ubuntu0.15
--===============4431932274893561805==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
