SCP Server Vulnerability in OpenSSH Client by Red Hat
CVE-2026-0964
5 MEDIUM
What is CVE-2026-0964?
A vulnerability in the OpenSSH client allows a malicious SCP server to supply unexpected file paths. As a result, the client application can overwrite local files outside its designated working directory. An attacker who exploits this vulnerability may be able to create harmful executable or configuration files, which the user could then execute in various compromising situations. This issue is related to a previously identified OpenSSH vulnerability, CVE-2019-6111.
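As an added illustration (not code from OpenSSH, Red Hat, or the fix for this CVE), the sketch below shows the kind of client-side check that keeps a server-supplied name inside the requested target: it assumes the classic scp file record `C<mode> <size> <name>` and accepts a name only if it is a single path component matching what the user asked for. The function names and sample records are hypothetical and constructed for the example.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 only for a single plain path component (no "/", ".", ".."). */
static int name_is_single_component(const char *name)
{
    if (name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/*
 * Hypothetical helper: validate one "C<mode> <size> <name>\n" file record
 * received from the remote side against the pattern the user asked for.
 * Returns 0 and copies the name into out on success, -1 on rejection.
 */
int check_scp_file_record(const char *record, const char *requested,
                          char *out, size_t outlen)
{
    unsigned int mode;
    unsigned long long size;
    int consumed = 0;
    if (sscanf(record, "C%o %llu%n", &mode, &size, &consumed) != 2)
        return -1;
    if (mode > 07777 || record[consumed] != ' ')
        return -1;
    const char *name = record + consumed + 1;
    size_t len = strcspn(name, "\n");
    if (name[len] != '\n' || len == 0 || len >= outlen)
        return -1;
    memcpy(out, name, len);
    out[len] = '\0';

    /* Reject traversal and anything the user did not request. */
    if (!name_is_single_component(out) || fnmatch(requested, out, 0) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char name[256];
    /* Constructed records: one expected, one pointing outside the target. */
    const char *records[] = { "C0644 12 report.txt\n", "C0644 12 ../.bashrc\n" };
    for (size_t i = 0; i < 2; i++)
        printf("%d\n", check_scp_file_record(records[i], "report.txt", name, sizeof name));
    return 0;
}
```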

References
CVSS V3.0
Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank CTyun (Red-Shield Security Lab) and Jakub Jelen (libssh) for reporting this issue.