File Download Vulnerability in OpenSSH SFTP from Attacker-Controlled Servers
CVE-2026-59995

4.2MEDIUM

Key Information:

Vendor

OpenBSD

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59995?

A vulnerability exists in the SFTP component of OpenSSH prior to version 10.4 that potentially allows an attacker to exploit the file download functionality. Specifically, when using the command 'sftp server:/path .', the application does not adequately restrict the locations of the downloaded files if sourced from an attacker-controlled server. This could lead to unauthorized file access or overwriting of sensitive files, which poses a significant risk to the integrity and security of data managed by affected systems.

Affected Version(s)

OpenSSH 0 < 10.4

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.