High Severity Vulnerability in OpenSSH
30 April 2026
Open Secure Shell (OpenSSH) has released a security update to address a high-severity vulnerability. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 8.1 out of 10. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
OpenSSH is an open-source suite of secure networking utilities based on the SSH protocol. The security update addresses a vulnerability in the handling of authorised keys principals (CVE-2026-35414) that affects OpenSSH before version 10.3.
Impact
Successful exploitation of this vulnerability could allow an authenticated attacker to bypass access controls and gain unauthorised root access to the affected system.
Affected Products
This vulnerability affects OpenSSH versions prior to 10.3.
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
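A version check for triaging hosts against the 10.3 threshold stated above. This is an added example, not part of the original advisory or of the OpenSSH project; the function names and the sample inventory are constructed for illustration. It compares version numbers only, so a distribution package that backports the fix without changing the version must be confirmed against the vendor's advisory.

```shell
#!/bin/sh
# Added example: classify OpenSSH version strings against the fixed release.
# Input may be `ssh -V` output ("OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13")
# or a protocol banner ("SSH-2.0-OpenSSH_10.3").

FIXED_MAJOR=10   # first fixed release per the advisory: 10.3
FIXED_MINOR=3

# Prints "affected", "fixed" or "unknown" for one version string.
openssh_status() {
    # Take "major.minor" after "OpenSSH_"; the portable "pN" suffix is ignored.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo unknown          # not OpenSSH, or an unrecognised format
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo affected
    else
        echo fixed
    fi
}

# Reads "host version-string" lines on stdin; prints the hosts that need the update.
hosts_to_patch() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        case $(openssh_status "$banner") in
            affected) printf '%s\n' "$host" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts and banners).
sample_inventory() {
    cat <<'EOF'
bastion-01 SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.5
build-02 SSH-2.0-OpenSSH_10.3
db-03 SSH-2.0-OpenSSH_10.2p1 Debian-1
edge-04 SSH-2.0-dropbear_2022.83
EOF
}

sample_inventory | hosts_to_patch
```

To check the local client, pass it the output of `ssh -V`, which is written to stderr: `openssh_status "$(ssh -V 2>&1)"`.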
References
https://www.openssh.org/txt/release-10.3
https://nvd.nist.gov/vuln/detail/CVE-2026-35414
https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/
