PT-2026-33685 · Julia · Openssh Jll
Published
2026-04-09
·
Updated
2026-04-09
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openssh Jll