> TritonInfoSec News
Home / Apr 28, 2026 / Story
0
#6 SecurityWeek general April 27, 2026 at 12:29 UTC

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

By Ionut Arghire

AI Summary

A critical OpenSSH vulnerability that allowed full root shell access remained undetected for 15 years due to a code reuse issue where comma characters in certificate principals were incorrectly interpreted as list separators. The flaw enabled privilege escalation attacks against SSH implementations across countless Unix and Linux systems worldwide.

Read full article → https://www.securityweek.com/openssh-flaw-allowing…

Relevance score: 83.0/100

# More from April 28

  1. 1
    GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions BleepingComputer
  2. 2
    PyPI package with 1.1M monthly downloads hacked to push infostealer BleepingComputer
  3. 3
    Home security giant ADT data breach affects 5.5 million people BleepingComputer
  4. 4
    Medtronic confirms breach after hackers claim 9 million records theft BleepingComputer
  5. 5
    Alleged Silk Typhoon hacker extradited to US for cyberespionage BleepingComputer
  6. 7
    Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation Dark Reading
  7. 8
    UNC6692 Combines Social Engineering, Malware, Cloud Abuse Dark Reading
  8. 9
    Robinhood account creation flaw abused to send phishing emails BleepingComputer
  9. 10
    Energy and Water Management Firm Itron Hacked SecurityWeek