OpenSSH vulnerabilities allow remote code execution
Summary
CERT-FR issued advisory CERTFR-2026-AVI-0391 alerting to multiple vulnerabilities in OpenSSH (versions prior to 10.3) enabling remote code execution and security policy bypass. OpenSSH released version 10.3 with patches. Organizations running OpenSSH should update immediately.
What changed
CERT-FR published security advisory CERTFR-2026-AVI-0391 disclosing multiple vulnerabilities in OpenSSH affecting versions prior to 10.3. The vulnerabilities allow remote code execution and security policy bypass. OpenSSH released version 10.3 addressing these issues on April 2, 2026.
Organizations running OpenSSH should immediately identify affected installations and update to version 10.3 or later. No specific compliance deadline is stated, but immediate patching is critical given the remote code execution risk. Refer to the OpenSSH security bulletin for patch details.
What to do next
- Identify all OpenSSH installations in your environment
- Update OpenSSH to version 10.3 or later
- Apply security patches per OpenSSH bulletin
Archived snapshot
Apr 2, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Premier Ministre S.G.D.S.N
Agence nationale
de la sécurité des
systèmes d'information
Paris, le 02 avril 2026 N° CERTFR-2026-AVI-0391 Affaire suivie par: CERT-FR
Avis du CERT-FR
Objet: Multiples vulnérabilités dans OpenSSH
Gestion du document
| Référence | CERTFR-2026-AVI-0391 |
| Titre | Multiples vulnérabilités dans OpenSSH |
| Date de la première version | 02 avril 2026 |
| Date de la dernière version | 02 avril 2026 |
| Source(s) | Bulletin de sécurité OpenSSH 10.3 du 02 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.
Risques
- Contournement de la politique de sécurité
- Exécution de code arbitraire à distance
Systèmes affectés
- OpenSSH versions antérieures à 10.3
Résumé
De multiples vulnérabilités ont été découvertes dans OpenSSH. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Documentation
- Bulletin de sécurité OpenSSH 10.3 du 02 avril 2026
- https://www.openssh.com/txt/release-10.3
Gestion détaillée du document
- le 02 avril 2026 Version initiale
Related changes
Get daily alerts for CERT-FR Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-FR Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.