Changeflow GovPing Data Privacy & Cybersecurity OpenSSH Multiple Vulnerabilities - Remote Code ...
Urgent Guidance Added Final

OpenSSH Multiple Vulnerabilities - Remote Code Execution and Privilege Escalation

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published
Detected
Email

Summary

CERT-Bund issued security advisory WID-SEC-2026-0979 warning of multiple vulnerabilities in OpenSSH versions prior to 10.3. The vulnerabilities carry a CVSS Base Score of 7.5 (high) and enable remote attackers to execute arbitrary code, escalate privileges, or bypass security mechanisms on affected systems running Linux, UNIX, and Windows. Mitigation measures are available but immediate patching is required.

View original document View source feed page

What changed

CERT-Bund disclosed multiple critical vulnerabilities in OpenSSH affecting all major operating system platforms. The vulnerabilities allow remote code execution and privilege escalation with CVSS 7.5 severity. Organizations running OpenSSH instances must apply patches immediately as remote attackers can exploit these flaws without authentication.\n\nAffected parties across all sectors running OpenSSH servers or clients should prioritize patching within 24-48 hours given the remote exploitability and availability of working mitigations. Security teams should monitor for CVE assignments and apply vendor-supplied patches. Systems exposed to untrusted networks face the highest risk and require immediate remediation.

What to do next

  1. Immediately patch all OpenSSH installations to version 10.3 or later
  2. Review systems for indicators of compromise and unauthorized access attempts
  3. Update intrusion detection systems with signatures for known exploit patterns

Archived snapshot

Apr 7, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-0979] OpenSSH: Mehrere Schwachstellen CVSS Base Score 7.5 (hoch) CVSS Temporal Score 6.5 (mittel) Remoteangriff ja Datum 06.04.2026 Stand 07.04.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • UNIX
  • Windows

Produktbeschreibung

OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.

Produkte

06.04.2026
- Open Source OpenSSH <10.3

Angriff

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in OpenSSH ausnutzen, um Code auszuführen, Privilegien zu erhöhen, Sicherheitsmechanismen zu umgehen oder nicht näher spezifizierte Auswirkungen zu erzielen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de Cisco IMC Critical Vulnerabilities - Remote Code Execution and Privilege Escalation
Urgent Apr 02, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Netgate pfSense Vulnerabilities Allow Remote Code Execution
Priority review Apr 02, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Apache Cassandra Multiple Vulnerabilities - Privilege Escalation, Information Disclosure, DoS
Priority review Apr 08, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.

Last updated

Press inquiries →

Classification

Agency
CERT-Bund
Published
April 6th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0979

Who this affects

Applies to
Technology companies Government agencies Financial advisers
Industry sector
5112 Software & Technology
Activity scope
Server patching Security vulnerability remediation Remote access system administration
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Data Privacy Network Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Environmental Permits 1 Environmental Regulation 8 Government & Legislation 278 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal 1 Legislative 1 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.