RHSA-2026:12389 Red Hat Security Advisory: openssh security update
Details
CVSS v3: 3.6
NVD published: 2026-04-02 17:16:27
EPSS: <0.1% probability · 8.0th percentile (2026-05-01)
Affected versions: cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*
Summary
In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configuration of % in ssh_config.