OpenSSH 9.7 Patches Critical Shell Injection Vulnerability CVE-2023-51385

Jennifer sherman
April 2, 2026

Key Takeaways

  • OpenSSH versions 10.3 and 10.3p1 were released on April 2, 2026, to address a critical shell injection vulnerability.
  • The primary fix targets the -J (ProxyJump) command-line option, preventing shell injection from untrusted user or host names.
  • A significant security enhancement also corrects a dangerous behavior where SSH certificates with empty principals were treated as wildcards, potentially enabling unauthorized access.
  • Administrators are urged to update immediately, especially if ProxyJump options are derived from user input, and to review existing certificates for empty principal fields.

OpenSSH 10.3 Addresses Critical Shell Injection and Certificate Vulnerabilities

On April 2, 2026, the OpenSSH project unveiled versions 10.3 and 10.3p1, introducing vital security patches and hardening measures. These updates are crucial for administrators to review and implement to safeguard their SSH infrastructure.

Shell Injection Flaw in ProxyJump Option Corrected

A significant security vulnerability addressed in the new release involves a shell injection flaw within the -J (ProxyJump) command-line option. Previously, user and host names provided via -J or -oProxyJump="..." on the command line were not adequately validated. This omission created a direct pathway for shell injection if these values originated from untrusted or adversarial input.

The vulnerability was brought to light by a researcher known as “rabbit.” OpenSSH developers acknowledged the inherent risk, stating that exposing these options to untrusted input “would have been a terrible idea to begin with.” The implemented fix now ensures that any malicious or malformed values are rejected during the validation process. It is important to note that this validation specifically applies to command-line usage, while configuration file entries remain unvalidated.
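
Since the validation described above covers only command-line values, code that builds a ProxyJump value from user input should check it before `ssh` ever sees it. The following is an added example, not code from the OpenSSH project or the original article; `check_hop`, `proxyjump_argv` and the allowlist pattern are assumptions chosen for illustration and are deliberately stricter than anything the page says OpenSSH accepts.

```python
import ipaddress
import re

# Conservative allowlist chosen for this example (not OpenSSH's own rules):
# optional user, DNS-style host or bracketed IPv6 literal, optional port.
# Names must start with a letter, digit or '_', so a value can never begin
# with '-', and no whitespace or shell metacharacter can match.
HOP = re.compile(
    r"(?:(?P<user>[A-Za-z_][A-Za-z0-9_.-]{0,31})@)?"
    r"(?P<host>\[[0-9A-Fa-f:]+\]|[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?)"
    r"(?::(?P<port>[0-9]{1,5}))?"
)


def check_hop(value, allow_port=True):
    """Return value unchanged if it is a safe '[user@]host[:port]', else raise ValueError."""
    m = HOP.fullmatch(value)
    if not m or ".." in m["host"]:
        raise ValueError(f"rejected value: {value!r}")
    if m["port"] and (not allow_port or not 1 <= int(m["port"]) <= 65535):
        raise ValueError(f"rejected port in: {value!r}")
    if m["host"].startswith("["):
        ipaddress.IPv6Address(m["host"][1:-1])  # AddressValueError is a ValueError
    return value


def proxyjump_argv(target, hops):
    """Build the ssh argument vector for target via a list of hops, all untrusted."""
    if not hops:
        raise ValueError("at least one jump host is required")
    jump = ",".join(check_hop(h) for h in hops)
    # A list handed to subprocess.run(argv) is exec'd directly, so no shell
    # parses the values. '--' ends ssh option parsing before the destination.
    return ["ssh", "-J", jump, "--", check_hop(target, allow_port=False)]
```

Pass the returned list to `subprocess.run` without `shell=True`; joining it into a single command string would reintroduce shell parsing.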

Dangerous Wildcard Behavior in SSH Certificates Mitigated

Another critical correction targets a subtle yet potentially severe vulnerability in sshd's certificate handling. Prior to this update, SSH certificates issued without any principals defined were inadvertently treated as a wildcard. This behavior effectively allowed authentication as any user who trusted the issuing Certificate Authority (CA) via their authorized_keys file.

While this behavior was initially by design, it introduced a hazardous edge case: an accidentally issued certificate from a CA with an empty principals section could be exploited for widespread unauthorized access across the network.

OpenSSH 10.3 Release Enhancements

OpenSSH 10.3 fundamentally alters how certificates without principals are handled. Certificates with an empty principals section will no longer match any principal, thereby eliminating the accidental wildcard risk. Furthermore, the release clarifies and standardizes the use of wildcard characters in certificate principals. They are now consistently enforced and supported for host certificates but explicitly disallowed for user certificates, leading to more predictable and secure access controls.
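
To audit existing certificates for the two conditions above (an empty principals section, and wildcard characters in a user certificate), the principals can be read straight from the certificate blob. This is an added example, not code from the article or from OpenSSH; the function names are illustrative, `*` and `?` are taken as the wildcard characters, and `sample_cert` builds a constructed, unsigned blob purely so the parser can be exercised offline.

```python
import base64
import struct

# Length-prefixed public-key fields after the nonce, per key type (PROTOCOL.certkeys, PROTOCOL.u2f).
KEY_FIELDS = {"ssh-rsa": 2, "ssh-ed25519": 1, "sk-ssh-ed25519": 2, "sk-ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp256": 2, "ecdsa-sha2-nistp384": 2, "ecdsa-sha2-nistp521": 2}
SUFFIX = "-cert-v01@openssh.com"

def _s(b):
    return struct.pack(">I", len(b)) + b

def _read_string(buf, off):
    """Return (bytes, new_offset) for one uint32-length-prefixed field."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def cert_principals(pub_line):
    """Parse a '<type> <base64> [comment]' line into (cert_type, [principals])."""
    blob = base64.b64decode(pub_line.split()[1])
    raw, off = _read_string(blob, 0)
    name = raw.decode()
    if not name.endswith(SUFFIX) or name[:-len(SUFFIX)] not in KEY_FIELDS:
        raise ValueError("not a recognised OpenSSH certificate: " + name)
    for _ in range(1 + KEY_FIELDS[name[:-len(SUFFIX)]]):  # nonce + key fields
        _, off = _read_string(blob, off)
    _serial, ctype = struct.unpack_from(">QI", blob, off)  # 1 = user, 2 = host
    _key_id, off = _read_string(blob, off + 12)
    packed, off = _read_string(blob, off)  # "valid principals": packed strings
    names, p = [], 0
    while p < len(packed):
        n, p = _read_string(packed, p)
        names.append(n.decode())
    return ("user" if ctype == 1 else "host"), names

def audit(pub_line):  # findings for the two conditions the article describes
    ctype, names = cert_principals(pub_line)
    findings = [] if names else ["empty principals"]
    if ctype == "user" and any(c in n for n in names for c in "*?"):
        findings.append("wildcard in user principal")
    return findings

def sample_cert(ctype, principals):
    """Constructed, unsigned blob: only the fields up to 'valid principals'."""
    kt = b"ssh-ed25519" + SUFFIX.encode()
    body = (_s(kt) + _s(b"\0" * 32) + _s(b"\1" * 32) + struct.pack(">QI", 1, ctype)
            + _s(b"constructed") + _s(b"".join(_s(p.encode()) for p in principals)))
    return f"{kt.decode()} {base64.b64encode(body).decode()} constructed"
```

Run `audit` over the single line in each `*-cert.pub` file the CA has issued; any non-empty result marks a certificate to reissue.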

The new version also discontinues backward compatibility for SSH implementations that lack support for transport-layer rekeying. Legacy SSH clients or servers unable to handle rekeying will now fail to interoperate with OpenSSH once a rekey operation is required. This change tightens protocol compliance and removes a long-standing workaround that could compromise security guarantees in prolonged sessions.

What You Should Do

  • Update Immediately: Prioritize updating all OpenSSH infrastructure to versions 10.3 or 10.3p1 to patch the critical shell injection and certificate handling vulnerabilities.
  • Review ProxyJump Implementations: Scrutinize any environments where ProxyJump options are constructed programmatically or derived from user input to ensure no untrusted data can be passed directly.
  • Audit SSH Certificates: Conduct a thorough review of all CA-issued SSH certificates to confirm that none contain empty principal fields, which could inadvertently grant broad access.
  • Check Rekeying Compatibility: Verify that all SSH clients and servers in your environment support transport-layer rekeying to maintain compatibility and security with the updated OpenSSH versions.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
