| Cyera Blog
ID: dec42448-7c4c-5d34-b98a-34b96f4563c9
STIX ID: report--dec42448-7c4c-5d34-b98a-34b96f4563c9
Feed Name: Cyera Blogs
**Critical OpenSSH certificate parsing vulnerability (CVE-2026-35414):** Cyera Research discovered a long-standing flaw in which a crafted SSH certificate principal containing a comma can be interpreted as multiple principals by the cert-authority path in authorized_keys. An attacker who obtains such a certificate can authenticate as unintended users (including root) on affected servers. The issue affects setups that use cert-authority entries in authorized_keys but not TrustedUserCAKeys. Exploitation is deterministic and takes a single connection, with broad potential impact across bastions, CI/CD pipelines, and systems trusting the vulnerable CA.
