CVE-2026-0964

| EUVD-2026-16326 MEDIUM
2026-03-26 redhat
5.0
CVSS 3.0
Share

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 20:31 euvd
EUVD-2026-16326
Analysis Generated
Mar 26, 2026 - 20:31 vuln.today
CVE Published
Mar 26, 2026 - 20:06 nvd
MEDIUM 5.0

Tags

Ssh Path Traversal

Description

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

Analysis

SCP client implementations across Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 are vulnerable to path traversal during file transfer, allowing a malicious SCP server to write files outside the designated working directory and potentially execute arbitrary code or modify system configuration. This vulnerability mirrors CVE-2019-6111 in OpenSSH; unauthenticated remote attackers can exploit it with high user interaction (the victim must initiate an SCP connection to a malicious server), resulting in confidentiality, integrity, and availability compromise. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review file handling controls.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

25
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +25
POC: 0

Vendor Status

Ubuntu

Priority: Medium
libssh
Release Status Version
upstream released 0.11.4
jammy released 0.9.6-2ubuntu0.22.04.6
noble released 0.10.6-2ubuntu0.3
questing released 0.11.2-1ubuntu0.2
bionic released 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
focal released 0.9.3-2ubuntu2.5+esm3
xenial released 0.6.3-4.3ubuntu0.6+esm4
USN-8051-1 USN-8051-2

Debian

Bug #1127693
libssh
Release Status Fixed Version Urgency
bullseye vulnerable 0.9.8-0+deb11u1 -
bullseye (security) vulnerable 0.9.8-0+deb11u2 -
bookworm vulnerable 0.10.6-0+deb12u2 -
bookworm (security) vulnerable 0.10.6-0+deb12u1 -
trixie vulnerable 0.11.2-1+deb13u1 -
forky vulnerable 0.11.3-1 -
sid fixed 0.12.0-3 -
(unstable) fixed 0.12.0-1 -

Share

CVE-2026-0964 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy