Teleport prior to 4.4.11, 5.x prior to 5.2.4, 6.x prior to 6.2.12, and 7.x prior to 7.1.1 allows forgery of SSH host certificates in some situations.
goteleport teleport