RHSA-2026:13383 - Security Advisory
Issued: 2026-05-04
Updated: 2026-05-04

Synopsis
Important: openssh security update

Type/Severity
Security Advisory: Important

Topic
An update for openssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):
OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes
BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

CVEs
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
CVE-2026-35414

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 8
SRPM
openssh-8.0p1-29.el8_10.src.rpm
x86_64
openssh-8.0p1-29.el8_10.x86_64.rpm
openssh-askpass-8.0p1-29.el8_10.x86_64.rpm
openssh-askpass-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-cavs-8.0p1-29.el8_10.x86_64.rpm
openssh-cavs-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-clients-8.0p1-29.el8_10.x86_64.rpm
openssh-clients-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-debugsource-8.0p1-29.el8_10.x86_64.rpm
openssh-keycat-8.0p1-29.el8_10.x86_64.rpm
openssh-keycat-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-ldap-8.0p1-29.el8_10.x86_64.rpm
openssh-ldap-debuginfo-8.0p1-29.el8_10.x86_64.rpm
openssh-server-8.0p1-29.el8_10.x86_64.rpm
openssh-server-debuginfo-8.0p1-29.el8_10.x86_64.rpm
pam_ssh_agent_auth-0.10.3-7.29.el8_10.x86_64.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.29.el8_10.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8
SRPM
openssh-8.0p1-29.el8_10.src.rpm
s390x
openssh-8.0p1-29.el8_10.s390x.rpm
openssh-askpass-8.0p1-29.el8_10.s390x.rpm
openssh-askpass-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-cavs-8.0p1-29.el8_10.s390x.rpm
openssh-cavs-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-clients-8.0p1-29.el8_10.s390x.rpm
openssh-clients-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-debugsource-8.0p1-29.el8_10.s390x.rpm
openssh-keycat-8.0p1-29.el8_10.s390x.rpm
openssh-keycat-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-ldap-8.0p1-29.el8_10.s390x.rpm
openssh-ldap-debuginfo-8.0p1-29.el8_10.s390x.rpm
openssh-server-8.0p1-29.el8_10.s390x.rpm
openssh-server-debuginfo-8.0p1-29.el8_10.s390x.rpm
pam_ssh_agent_auth-0.10.3-7.29.el8_10.s390x.rpm
pam_ssh_agent_auth-debuginfo-0.10.3-7.29.el8_10.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8
SRPM
openssh-8.0p1-29.el8_10.src.rpm
ppc64le

This Red Hat security advisory addresses five vulnerabilities in OpenSSH, including a high-severity privilege escalation via the legacy SCP protocol (CVE-2026-35385, CVSS 7.5), a medium-severity security bypass via the `authorized_keys` principals option (CVE-2026-35414, CVSS 4.2), and arbitrary command execution via shell metacharacters in usernames (CVE-2026-35386). According to NVD data, these vulnerabilities affect OpenBSD OpenSSH versions prior to 10.3, the release in which they are fixed. IT professionals should prioritize patching OpenSSH to version 10.3 or, on RHEL 8, applying the Red Hat-provided updates.