CVE-2026-35414 is a medium-impact OpenSSH vulnerability related to improper handling of the authorized_keys principals option in specific configurations involving Certificate Authorities. Under certain uncommon conditions, this could lead to misinterpretation of input.
VCF Operations for Networks 6.14.0
VCF Operations for Networks 6.14.1
VCF Operations for Networks 6.14.2
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information, please contact Broadcom Support: Creating and managing Broadcom support cases
CVE-2026-35414 is fixed in OpenSSH package version 1:8.9p1-3ubuntu0.15.
To query the OpenSSH version on a VCF Operations for Networks appliance, open an SSH session and run the command: dpkg -l | grep openssh
A sample output is attached below:
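The version check can also be scripted. The following is an added example, not part of the original article and not Broadcom-supplied code: it reads `dpkg -l` output and compares each installed openssh package against the fixed version using Debian version ordering. The function name `check_openssh_fixed` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OpenSSH packages older than the fixed version.
# Fixed version taken from this article.
FIXED_VERSION='1:8.9p1-3ubuntu0.15'

# Constructed sample of `dpkg -l` output (not captured from a real appliance).
SAMPLE_DPKG_OUTPUT='ii  openssh-client  1:8.9p1-3ubuntu0.9  amd64  secure shell (SSH) client
ii  openssh-server  1:8.9p1-3ubuntu0.9  amd64  secure shell (SSH) server'

# check_openssh_fixed: reads `dpkg -l` output on stdin, prints one line per
# installed openssh package, and returns
#   0 = every openssh package is at or above FIXED_VERSION
#   1 = at least one openssh package is older than FIXED_VERSION
#   2 = no installed openssh package was found in the input
check_openssh_fixed() {
    # Keep only installed ("ii") packages whose name starts with "openssh".
    awk '$1 ~ /^ii/ && $2 ~ /^openssh/ { print $2, $3 }' | (
        found=0
        vulnerable=0
        while read -r pkg ver; do
            found=1
            # dpkg --compare-versions applies Debian ordering (epoch, upstream
            # version, revision), so 0.9 sorts before 0.15; a plain string
            # comparison would get that wrong.
            if dpkg --compare-versions "$ver" ge "$FIXED_VERSION"; then
                echo "OK         $pkg $ver"
            else
                echo "VULNERABLE $pkg $ver (older than $FIXED_VERSION)"
                vulnerable=1
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "no installed openssh package found" >&2
            exit 2
        fi
        exit "$vulnerable"
    )
}

# Usage on the appliance:   dpkg -l | check_openssh_fixed
# Usage with the sample:    printf '%s\n' "$SAMPLE_DPKG_OUTPUT" | check_openssh_fixed
```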