Skip to main content

Kopia CVE-2026-45695

CRITICAL
OS Command Injection (CWE-78)
2026-05-19 https://github.com/kopia/kopia GHSA-2q4c-3mrw-63c3
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 19, 2026 - 20:00 vuln.today
Analysis Generated
May 19, 2026 - 20:00 vuln.today

DescriptionGitHub Advisory

Summary

Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by splitting sshArguments on spaces and passes the result directly to exec.CommandContext("ssh"). An -oProxyCommand=<cmd> token in sshArguments causes OpenSSH to invoke <cmd> via $SHELL -c before any TCP connection is attempted, giving the requester arbitrary command execution as the Kopia process user.

Analysis

internal/server/server_authz_checks.go lines 61-73:

when the server is started without --server-username or --server-password, getAuthenticator() returns nil and requireUIUser unconditionally authorizes the request. Every endpoint registered through handleUIPossiblyNotConnected becomes accessible without credentials.

repo/blob/sftp/sftp_storage.go lines 448-468:

opt.SSHArguments is populated from the JSON request body (storage.config.sshArguments). The string is split only on the literal ASCII space character, there is no shell style tokenizer, no quote handling, and no allowlist. Whatever tokens the caller supplies are appended to the ssh argv.

OpenSSH treats -oProxyCommand=<value> as a directive to execute <value> via the user's shell ($SHELL -c <value>) and pipe the SSH transport over its stdio. The shell invocation happens before SSH attempts a TCP connection, so the command runs even when the target host is unreachable.

Impact

No user interaction is required. No valid credentials are required. The exploit is a single HTTP request.

Credits

This vulnerability was discovered and responsibly disclosed by Daniele Berardinelli.

Mitigation

https://github.com/kopia/kopia/pull/5354 disallows starting of a server without a password which also listens on a non-loopback interface.

AnalysisAI

Remote code execution in Kopia backup server (≤ 0.22.3) allows unauthenticated attackers to run arbitrary OS commands as the Kopia process user via a single HTTP request to /api/v1/repo/exists when the server is launched with --without-password. Publicly available exploit code exists through the published GHSA advisory and PR diff; no public exploit identified at time of analysis as being weaponized in the wild, but the trivially exploitable vector (CVSS 9.8) and detailed write-up make weaponization straightforward. The bug stems from naive space-splitting of attacker-controlled sshArguments that is fed to exec.CommandContext("ssh"), letting an -oProxyCommand= token trigger $SHELL -c execution before any SSH transport is established.

Technical ContextAI

Kopia is an open-source, cross-platform backup tool written in Go (pkg:go/github.com_kopia_kopia) that exposes an HTTP control/UI API. Two code paths combine to produce this flaw: internal/server/server_authz_checks.go (lines 61-73) returns a nil authenticator when --server-username/--server-password are absent, causing requireUIUser to unconditionally authorize every UI endpoint registered via handleUIPossiblyNotConnected; and repo/blob/sftp/sftp_storage.go (lines 448-468) tokenizes attacker-supplied SSHArguments by splitting on the literal ASCII space and appends the tokens directly to the ssh argv via os/exec, with no shell tokenizer, quote handling, or allowlist. The root cause is classic CWE-78 (OS Command Injection): OpenSSH's -oProxyCommand directive intentionally hands its value to $SHELL -c before opening any TCP connection, turning untrusted ssh arguments into a shell-execution primitive even when the target host is unreachable.

RemediationAI

Vendor-released patch: upgrade to Kopia 0.23.0 or later, which introduces the insecureserverbind package and refuses to bind an unauthenticated server (--without-password combined with --insecure) to any non-loopback address unless the operator explicitly passes the new --allow-extremely-dangerous-unauthenticated-server-on-the-network flag (see https://github.com/kopia/kopia/pull/5354 and the advisory at https://github.com/kopia/kopia/security/advisories/GHSA-2q4c-3mrw-63c3). If upgrading immediately is not possible, the recommended workarounds are to always start kopia server with --server-username and --server-password (or TLS client certificates) so getAuthenticator() returns a real authenticator, restrict the listen address to 127.0.0.1 or a Unix domain socket and front it with an authenticated reverse proxy, and add a host-based firewall rule blocking inbound access to the Kopia HTTP port from anything except trusted management hosts; the trade-off is that loopback-only binding breaks remote browser access until a proxy is configured. Operators should also audit logs for unexpected requests to /api/v1/repo/exists carrying storage.config.sshArguments containing -oProxyCommand.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Vendor StatusVendor

SUSE

Severity: Critical

Share

CVE-2026-45695 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy