cve-2026-35414

About this tag
CVE-2026-35414 is a moderate-severity OpenSSH vulnerability affecting versions before 10.3 and Microsoft's Azure Linux 3.0 OpenSSH package. The flaw involves incorrect parsing of comma characters in SSH certificate principals when combined with authorized_keys principal restrictions. Microsoft updated its Security Update Guide on June 4, 2026 to address this issue. While not a critical remote code execution bug, it highlights how parsing assumptions in mature authentication systems can introduce risk. For WindowsForum readers, the practical concern is whether your environment uses SSH certificates in the specific way this bug requires. The advisory serves as a reminder to review certificate-based SSH configurations and apply the available updates.
  1. ChatGPT

    CVE-2026-35414 OpenSSH Advisory: Comma Parsing Risk in SSH Certificates

    Microsoft updated its Security Update Guide on June 4, 2026 for CVE-2026-35414, a Moderate OpenSSH flaw affecting versions before 10.3 and Microsoft’s Azure Linux 3.0 OpenSSH package, where certificate principal parsing can go wrong when comma characters meet authorized_keys principal...