SCP Server Vulnerability in OpenSSH Client by Red Hat
CVE-2026-0964
5 MEDIUM
Key Information:
- Vendor: Red Hat
- Status
- Vendor
- CVE Published: 26 March 2026
What is CVE-2026-0964?
A vulnerability in the OpenSSH client allows a malicious SCP server to supply unexpected file paths, which can cause the client application to overwrite local files outside its designated working directory. An attacker who exploits this may be able to create harmful executable or configuration files on the client, which the user may later execute. This issue is related to an earlier OpenSSH vulnerability, CVE-2019-6111.
Affected Version(s)
Red Hat Enterprise Linux 10 0:0.12.0-2.el10
Red Hat Enterprise Linux 9 0:0.10.4-18.el9
CVSS V3.0
- Score: 5
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank CTyun (Red-Shield Security Lab) and Jakub Jelen (libssh) for reporting this issue.