Red Hat Product Errata RHSA-2026:13380 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13380 - Security Advisory Overview Updated Packages Synopsis Important: openssh security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385) OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414) OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387) OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388) OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Fixes BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username CVEs CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM openssh-9.9p1-14.el10_1.src.rpm SHA-256: e1ad4f384d8a47c2dda9a36ee61423645c104ff8592f949dbd92847bd4d4c9ae x86_64 openssh-9.9p1-14.el10_1.x86_64.rpm SHA-256: 168ff1d747c4f62669f091058025ab8f6c76707920a1fe0c83b19f815a4b5c7b openssh-askpass-9.9p1-14.el10_1.x86_64.rpm SHA-256: da9df272aab329e3c3a757abcd1c309b1aab3b8bb5f2b1f5cee64d67ece4940c openssh-askpass-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: e86693dfcc8a7efe9a9e36c18bce0dcc6763a2e88853b04462530dd70d0a95a5 openssh-askpass-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: e86693dfcc8a7efe9a9e36c18bce0dcc6763a2e88853b04462530dd70d0a95a5 openssh-clients-9.9p1-14.el10_1.x86_64.rpm SHA-256: 7ea62496a9c8e8f40bb5a7aea9ac9628e69e111b4d5c07cba7722d9714d3a1c8 openssh-clients-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 4039b91638185108f397dff195183fdeb575b017bf0e6fd882f7563e9d64ce1b openssh-clients-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 4039b91638185108f397dff195183fdeb575b017bf0e6fd882f7563e9d64ce1b openssh-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 85a1158bd92f5c3500c287fb1282d372e77b6b21859253afefa7d98fd190aa2f openssh-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 85a1158bd92f5c3500c287fb1282d372e77b6b21859253afefa7d98fd190aa2f openssh-debugsource-9.9p1-14.el10_1.x86_64.rpm SHA-256: e95a3fd9bc15ddb29e0876a0067d49915a6e8ffcecfe00aee8c1af20bf6e18ef openssh-debugsource-9.9p1-14.el10_1.x86_64.rpm SHA-256: e95a3fd9bc15ddb29e0876a0067d49915a6e8ffcecfe00aee8c1af20bf6e18ef openssh-keycat-9.9p1-14.el10_1.x86_64.rpm SHA-256: 218fad609f9adb6cc134434328751ffdf713e426ab88adef78fe7f972d5b7806 openssh-keycat-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: f9a9d6679dd384520ca0c0c9504c17caa15214533f77247b8629ff3784c42f0a openssh-keycat-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: f9a9d6679dd384520ca0c0c9504c17caa15214533f77247b8629ff3784c42f0a openssh-keysign-9.9p1-14.el10_1.x86_64.rpm SHA-256: a74984fd30eefc69cf83aaf45b01ace0b92b049d26c5cbba5cfd8dbd1949d76d openssh-keysign-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 58e3cdd753fd1f312a19658c7fa9cf809ec05bfd459775526b70d51cf55df892 openssh-keysign-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 58e3cdd753fd1f312a19658c7fa9cf809ec05bfd459775526b70d51cf55df892 openssh-server-9.9p1-14.el10_1.x86_64.rpm SHA-256: 8ac79ec86bd51f0de699fb6933c0110cb622c761e528ad4110f46c7686020f29 openssh-server-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 186b14db355292e9f3cc4b701d753772bf027bcb60a8cb474a651974dcb95d15 openssh-server-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 186b14db355292e9f3cc4b701d753772bf027bcb60a8cb474a651974dcb95d15 openssh-sk-dummy-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 7f025a5182f587314f6f99f526a288cb2a496da18b21561187c1b33f04c3105e openssh-sk-dummy-debuginfo-9.9p1-14.el10_1.x86_64.rpm SHA-256: 7f025a5182f587314f6f99f526a288cb2a496da18b21561187c1b33f04c3105e Red Hat Enterprise Linux for IBM z Systems 10 SRPM openssh-9.9p1-14.el10_1.src.rpm SHA-256: e1ad4f384d8a47c2dda9a36ee61423645c104ff8592f949dbd92847bd4d4c9ae s390x openssh-9.9p1-14.el10_1.s390x.rpm SHA-256: 393e6e488a419e79ccbcb7450a17929238e99d48954b899b80859e3142b754a2 openssh-askpass-9.9p1-14.el10_1.s390x.rpm SHA-256: 0c55d5830ce9acb7cb097ef463c981ae412b333809cae5f04eeda22c2b73f3e3 openssh-askpass-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: f613680d7f0bad10e6a4313c3e0a4e09bca3306af1613f276e7711aa313cb06f openssh-askpass-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: f613680d7f0bad10e6a4313c3e0a4e09bca3306af1613f276e7711aa313cb06f openssh-clients-9.9p1-14.el10_1.s390x.rpm SHA-256: 28eef108d376d84f1fb7d8dcbf47a42fef604dfdb243d9890b26dfe313335b35 openssh-clients-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: c072add373abb24c8a132a2a640bc3ac4a3d3159a3c34b57cc4528328f472668 openssh-clients-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: c072add373abb24c8a132a2a640bc3ac4a3d3159a3c34b57cc4528328f472668 openssh-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: ba26174963b014b89df37b87f2d3b64409e67abdcae3e26ce370ad96f0f9ef36 openssh-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: ba26174963b014b89df37b87f2d3b64409e67abdcae3e26ce370ad96f0f9ef36 openssh-debugsource-9.9p1-14.el10_1.s390x.rpm SHA-256: 351b9b351c021270ecbd732a139b9c91b1f4c628d9532db4c2ff0d295922b788 openssh-debugsource-9.9p1-14.el10_1.s390x.rpm SHA-256: 351b9b351c021270ecbd732a139b9c91b1f4c628d9532db4c2ff0d295922b788 openssh-keycat-9.9p1-14.el10_1.s390x.rpm SHA-256: 1bb35400fbeda19b3c4da530f32716201f1ddf35cd452997a2f5cb2b3e751488 openssh-keycat-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: 37c2b016f9ef5d0c262949e997ed33b7d741a67ce2364ddcc96af58b3ba0bc7d openssh-keycat-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: 37c2b016f9ef5d0c262949e997ed33b7d741a67ce2364ddcc96af58b3ba0bc7d openssh-keysign-9.9p1-14.el10_1.s390x.rpm SHA-256: 2316c4e8804787ec0ad01105738d5f73084e2234c6dbe59af130f2608fab554a openssh-keysign-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: 46149c2bf67e894627c466275579f4c33dd084fc701b428db3b5c03f76b0abf2 openssh-keysign-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: 46149c2bf67e894627c466275579f4c33dd084fc701b428db3b5c03f76b0abf2 openssh-server-9.9p1-14.el10_1.s390x.rpm SHA-256: 640f6c85db7354d051af70e81466215415f2a395c44730a49c7aef38bea7ef3d openssh-server-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: c4efc0836017796765f5439b09a137bda90aa3372bc27e1f71c7adef110efd8a openssh-server-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: c4efc0836017796765f5439b09a137bda90aa3372bc27e1f71c7adef110efd8a openssh-sk-dummy-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: fde2d025603af737ec1eaec34a5f3132949d174410b020f86a0f3839712e40d9 openssh-sk-dummy-debuginfo-9.9p1-14.el10_1.s390x.rpm SHA-256: fde2d025603af737ec1eaec34a5f3132949d174410b020f86a0f3839712e40d9 Red Hat Enterprise Linux for Power, little endian 10 SRPM openssh-9.9p1-14.el10_1.src.rpm SHA-256: e1ad4f384d8a47c2dda9a36ee61423645c104ff8592f949dbd92847bd4d4c9ae ppc64le openssh-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 841e5d9fbad8b94d694b18727329138b9001276bc5b3acb16f1d656b7683d36b openssh-askpass-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 154a2009cf4641ba4e4779cb7c387bc70050ed3b141b58bdd924ea6d07e24f16 openssh-askpass-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 76a9211d58a952b8eefeda31bbb44e235759a3bef70c16e7aca362751725d619 openssh-askpass-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 76a9211d58a952b8eefeda31bbb44e235759a3bef70c16e7aca362751725d619 openssh-clients-9.9p1-14.el10_1.ppc64le.rpm SHA-256: b144f1ffe9e81d96dbaf54100713dabe12ed8db8be7a631122fae619f4a0e8cf openssh-clients-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 9fe942ca9be27e7fbbf79245b1217f91f6818e7e8ffd8560dffade8741b78b44 openssh-clients-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 9fe942ca9be27e7fbbf79245b1217f91f6818e7e8ffd8560dffade8741b78b44 openssh-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: dcaefbfb0b252675d2f4c418bb8b9555ebe7da1beaef2f089cceaf2d6c650b13 openssh-debuginfo-9.9p1-14.el10_1.ppc64le.rpm SHA-256: dcaefbfb0b252675d2f4c418bb8b9555ebe7da1beaef2f089cceaf2d6c650b13 openssh-debugsource-9.9p1-14.el10_1.ppc64le.rpm SHA-256: 00ff3c8fd6f54e6b58f359a46507f7659e4fc892f1c8474782479b422d4528ab openssh-debugsource-9.9p1-14.el10_1.ppc64