Security News

Cybersecurity news aggregator


RHSA-2026:16059: Important: openssh security update

This advisory addresses multiple vulnerabilities in OpenSSH, including privilege escalation via the legacy SCP protocol (CVE-2026-35385, CVSS 7.5 HIGH), a security bypass in authorized_keys handling (CVE-2026-35414, CVSS 4.2 MEDIUM), and information disclosure from unintended algorithm usage (CVE-2026-35387, CVSS 3.1 LOW). The affected versions are OpenBSD OpenSSH prior to version 10.3. The fix requires upgrading to OpenSSH version 10.3.

Red Hat Product Errata
RHSA-2026:16059 - Security Advisory

Issued: 2026-05-11
Updated: 2026-05-11

Synopsis
Important: openssh security update

Type/Severity
Security Advisory: Important

Topic
An update for openssh is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):
OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)
OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)
OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)
OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)
OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes
BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

CVEs
CVE-2026-35385
CVE-2026-35386
CVE-2026-35387
CVE-2026-35388
CVE-2026-35414

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.