Red Hat Product Errata RHSA-2026:19219 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19219 - Security Advisory Overview Updated Packages Synopsis Important: openssh security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for openssh is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix(es): OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385) OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414) OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387) OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388) OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2454469 - CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode BZ - 2454490 - CVE-2026-35414 OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option BZ - 2454494 - CVE-2026-35387 OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage BZ - 2454500 - CVE-2026-35388 OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions BZ - 2454506 - CVE-2026-35386 OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username CVEs CVE-2026-35385 CVE-2026-35386 CVE-2026-35387 CVE-2026-35388 CVE-2026-35414 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM openssh-9.9p1-7.el9_8.src.rpm SHA-256: 3a5a65ba73ffe4f8b08dacb2247f95336dadb2e930eceaeb8746ddc998efe2a6 x86_64 openssh-9.9p1-7.el9_8.x86_64.rpm SHA-256: e699c3fd161d4741658320f10064bb82ab7530d07d3d34850142ccc102ce7c82 openssh-askpass-9.9p1-7.el9_8.x86_64.rpm SHA-256: 96d5bb9825589badfd984aa2398fbec46365c332036e620033868ee4147a4d22 openssh-askpass-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b577870f77487b098a9439251e9d4950f1edc7881fd748dc9e34a0530db203a2 openssh-askpass-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b577870f77487b098a9439251e9d4950f1edc7881fd748dc9e34a0530db203a2 openssh-clients-9.9p1-7.el9_8.x86_64.rpm SHA-256: 5663973f870ce57e55bb94e94b84ff020d6b24cbaabdca9fed99665f6513c847 openssh-clients-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 9e6a1b3e5c79c1a495c5cd232ebdf8033a0c19613d05bb54aa35480373c10026 openssh-clients-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 9e6a1b3e5c79c1a495c5cd232ebdf8033a0c19613d05bb54aa35480373c10026 openssh-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b5c8b22452fc6814197e422acacffae4b2aabee70b8372d37a4a50b02c343418 openssh-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b5c8b22452fc6814197e422acacffae4b2aabee70b8372d37a4a50b02c343418 openssh-debugsource-9.9p1-7.el9_8.x86_64.rpm SHA-256: c699b72e9601d5562f5d7decdd498f31bca806e5bb7a9e88db4d54165355a927 openssh-debugsource-9.9p1-7.el9_8.x86_64.rpm SHA-256: c699b72e9601d5562f5d7decdd498f31bca806e5bb7a9e88db4d54165355a927 openssh-keycat-9.9p1-7.el9_8.x86_64.rpm SHA-256: 5b1fabd5486eb5e12009c8b3af590ccc1661ae7ac30848207f5cc09cd919e3ea openssh-keycat-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 2c70604789893b21adf9ea65efbd4139aa30c1d6e1e6248d2be8c1ee7dc6d8c0 openssh-keycat-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 2c70604789893b21adf9ea65efbd4139aa30c1d6e1e6248d2be8c1ee7dc6d8c0 openssh-server-9.9p1-7.el9_8.x86_64.rpm SHA-256: 811192c071e353feeb464e5046fafeb8dd50d392ef49f01d580e89df34da7dfb openssh-server-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 85529a06ae7ea9686972fdf581b23705a6608fccb98721f72cbfff71ae71ab4e openssh-server-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 85529a06ae7ea9686972fdf581b23705a6608fccb98721f72cbfff71ae71ab4e openssh-sk-dummy-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 1ab5bece1f81d120309efc208bf93b7533f3f3d9ef9c2841820fd308ac85d577 openssh-sk-dummy-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 1ab5bece1f81d120309efc208bf93b7533f3f3d9ef9c2841820fd308ac85d577 pam_ssh_agent_auth-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: c322d454ddbf58c6e7e46486543b624ec10df46b84e8d199439c8baf793d43f9 pam_ssh_agent_auth-debuginfo-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: ca7d22d05db295f536c59f64ed83b269c882c04272b8febd2284b9dd8625989e pam_ssh_agent_auth-debuginfo-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: ca7d22d05db295f536c59f64ed83b269c882c04272b8febd2284b9dd8625989e Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM openssh-9.9p1-7.el9_8.src.rpm SHA-256: 3a5a65ba73ffe4f8b08dacb2247f95336dadb2e930eceaeb8746ddc998efe2a6 x86_64 openssh-9.9p1-7.el9_8.x86_64.rpm SHA-256: e699c3fd161d4741658320f10064bb82ab7530d07d3d34850142ccc102ce7c82 openssh-askpass-9.9p1-7.el9_8.x86_64.rpm SHA-256: 96d5bb9825589badfd984aa2398fbec46365c332036e620033868ee4147a4d22 openssh-askpass-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b577870f77487b098a9439251e9d4950f1edc7881fd748dc9e34a0530db203a2 openssh-askpass-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b577870f77487b098a9439251e9d4950f1edc7881fd748dc9e34a0530db203a2 openssh-clients-9.9p1-7.el9_8.x86_64.rpm SHA-256: 5663973f870ce57e55bb94e94b84ff020d6b24cbaabdca9fed99665f6513c847 openssh-clients-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 9e6a1b3e5c79c1a495c5cd232ebdf8033a0c19613d05bb54aa35480373c10026 openssh-clients-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 9e6a1b3e5c79c1a495c5cd232ebdf8033a0c19613d05bb54aa35480373c10026 openssh-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b5c8b22452fc6814197e422acacffae4b2aabee70b8372d37a4a50b02c343418 openssh-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: b5c8b22452fc6814197e422acacffae4b2aabee70b8372d37a4a50b02c343418 openssh-debugsource-9.9p1-7.el9_8.x86_64.rpm SHA-256: c699b72e9601d5562f5d7decdd498f31bca806e5bb7a9e88db4d54165355a927 openssh-debugsource-9.9p1-7.el9_8.x86_64.rpm SHA-256: c699b72e9601d5562f5d7decdd498f31bca806e5bb7a9e88db4d54165355a927 openssh-keycat-9.9p1-7.el9_8.x86_64.rpm SHA-256: 5b1fabd5486eb5e12009c8b3af590ccc1661ae7ac30848207f5cc09cd919e3ea openssh-keycat-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 2c70604789893b21adf9ea65efbd4139aa30c1d6e1e6248d2be8c1ee7dc6d8c0 openssh-keycat-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 2c70604789893b21adf9ea65efbd4139aa30c1d6e1e6248d2be8c1ee7dc6d8c0 openssh-server-9.9p1-7.el9_8.x86_64.rpm SHA-256: 811192c071e353feeb464e5046fafeb8dd50d392ef49f01d580e89df34da7dfb openssh-server-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 85529a06ae7ea9686972fdf581b23705a6608fccb98721f72cbfff71ae71ab4e openssh-server-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 85529a06ae7ea9686972fdf581b23705a6608fccb98721f72cbfff71ae71ab4e openssh-sk-dummy-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 1ab5bece1f81d120309efc208bf93b7533f3f3d9ef9c2841820fd308ac85d577 openssh-sk-dummy-debuginfo-9.9p1-7.el9_8.x86_64.rpm SHA-256: 1ab5bece1f81d120309efc208bf93b7533f3f3d9ef9c2841820fd308ac85d577 pam_ssh_agent_auth-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: c322d454ddbf58c6e7e46486543b624ec10df46b84e8d199439c8baf793d43f9 pam_ssh_agent_auth-debuginfo-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: ca7d22d05db295f536c59f64ed83b269c882c04272b8febd2284b9dd8625989e pam_ssh_agent_auth-debuginfo-0.10.4-7.7.el9_8.x86_64.rpm SHA-256: ca7d22d05db295f536c59f64ed83b269c882c04272b8febd2284b9dd8625989e Red Hat Enterprise Linux for IBM z Systems 9 SRPM openssh-9.9p1-7.el9_8.src.rpm SHA-256: 3a5a65ba73ffe4f8b08dacb2247f95336dadb2e930eceaeb8746ddc998efe2a6 s390x openssh-9.9p1-7.el9_8.s390x.rpm SHA-256: 239384b797255208ef9a549521751ac747c495f8af1d9f6cb9e9815741bdefee openssh-askpass-9.9p1-7.el9_8.s390x.rpm SHA-256: d112ff0b108324c23db1650d4a4e6b238dc7adebc147881112b772c7be077e1e openssh-askpass-debuginfo-9.9p1-7.el9_8.s390x.rpm SHA-256: f03e3dc271cf50a33761ee2488eb06e76b443d1611075ac721f3fd63dafc8402 openssh-askpass-d