Kopia CVE-2026-45695
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by splitting sshArguments on spaces and passes the result directly to exec.CommandContext("ssh"). An -oProxyCommand=<cmd> token in sshArguments causes OpenSSH to invoke <cmd> via $SHELL -c before any TCP connection is attempted, giving the requester arbitrary command execution as the Kopia process user.
Analysis
internal/server/server_authz_checks.go lines 61-73:
when the server is started without --server-username or --server-password, getAuthenticator() returns nil and requireUIUser unconditionally authorizes the request. Every endpoint registered through handleUIPossiblyNotConnected becomes accessible without credentials.
repo/blob/sftp/sftp_storage.go lines 448-468:
opt.SSHArguments is populated from the JSON request body (storage.config.sshArguments). The string is split only on the literal ASCII space character, there is no shell style tokenizer, no quote handling, and no allowlist. Whatever tokens the caller supplies are appended to the ssh argv.
OpenSSH treats -oProxyCommand=<value> as a directive to execute <value> via the user's shell ($SHELL -c <value>) and pipe the SSH transport over its stdio. The shell invocation happens before SSH attempts a TCP connection, so the command runs even when the target host is unreachable.
Impact
No user interaction is required. No valid credentials are required. The exploit is a single HTTP request.
Credits
This vulnerability was discovered and responsibly disclosed by Daniele Berardinelli.
Mitigation
https://github.com/kopia/kopia/pull/5354 disallows starting of a server without a password which also listens on a non-loopback interface.
AnalysisAI
Remote code execution in Kopia backup server (≤ 0.22.3) allows unauthenticated attackers to run arbitrary OS commands as the Kopia process user via a single HTTP request to /api/v1/repo/exists when the server is launched with --without-password. Publicly available exploit code exists through the published GHSA advisory and PR diff; no public exploit identified at time of analysis as being weaponized in the wild, but the trivially exploitable vector (CVSS 9.8) and detailed write-up make weaponization straightforward. The bug stems from naive space-splitting of attacker-controlled sshArguments that is fed to exec.CommandContext("ssh"), letting an -oProxyCommand= token trigger $SHELL -c execution before any SSH transport is established.
Technical ContextAI
Kopia is an open-source, cross-platform backup tool written in Go (pkg:go/github.com_kopia_kopia) that exposes an HTTP control/UI API. Two code paths combine to produce this flaw: internal/server/server_authz_checks.go (lines 61-73) returns a nil authenticator when --server-username/--server-password are absent, causing requireUIUser to unconditionally authorize every UI endpoint registered via handleUIPossiblyNotConnected; and repo/blob/sftp/sftp_storage.go (lines 448-468) tokenizes attacker-supplied SSHArguments by splitting on the literal ASCII space and appends the tokens directly to the ssh argv via os/exec, with no shell tokenizer, quote handling, or allowlist. The root cause is classic CWE-78 (OS Command Injection): OpenSSH's -oProxyCommand directive intentionally hands its value to $SHELL -c before opening any TCP connection, turning untrusted ssh arguments into a shell-execution primitive even when the target host is unreachable.
RemediationAI
Vendor-released patch: upgrade to Kopia 0.23.0 or later, which introduces the insecureserverbind package and refuses to bind an unauthenticated server (--without-password combined with --insecure) to any non-loopback address unless the operator explicitly passes the new --allow-extremely-dangerous-unauthenticated-server-on-the-network flag (see https://github.com/kopia/kopia/pull/5354 and the advisory at https://github.com/kopia/kopia/security/advisories/GHSA-2q4c-3mrw-63c3). If upgrading immediately is not possible, the recommended workarounds are to always start kopia server with --server-username and --server-password (or TLS client certificates) so getAuthenticator() returns a real authenticator, restrict the listen address to 127.0.0.1 or a Unix domain socket and front it with an authenticated reverse proxy, and add a host-based firewall rule blocking inbound access to the Kopia HTTP port from anything except trusted management hosts; the trade-off is that loopback-only binding breaks remote browser access until a proxy is configured. Operators should also audit logs for unexpected requests to /api/v1/repo/exists carrying storage.config.sshArguments containing -oProxyCommand.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a
Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allVendor StatusVendor
SUSE
Severity: CriticalShare
External POC / Exploit Code
Leaving vuln.today
GHSA-2q4c-3mrw-63c3