Researchers at Qualys discovered a new Remote Code Execution flaw in the OpenSSH.
This flaw exists in OpenSSH’s forward ssh-agent. This flaw allows an attacker to execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.
https://cybersecuritynews.com/openssh-rce-flaw/