Cyera Blog
ID: dcc30cf4-5a90-5f80-ae76-c577e7b94011
STIX ID: report--dcc30cf4-5a90-5f80-ae76-c577e7b94011
Feed Name: Cyera Blogs
Cyera Research disclosed a critical OpenSSH vulnerability (CVE-2026-35414) in which a crafted SSH certificate with a comma-containing principal can bypass principal restrictions and authenticate as unintended users, including root, on servers that trust certificate authorities via cert-authority entries in authorized_keys. The flaw affects common deployments (bastion hosts, CI/CD, Vault/BLESS workflows) and enables deterministic, single-connection exploitation across fleets. TrustedUserCAKeys configurations are not affected.
