Directory Traversal Vulnerability in OpenSSH by The OpenBSD Foundation
CVE-2026-59996

4.2MEDIUM

Key Information:

Vendor

OpenBSD

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59996?

A vulnerability in the scp command of OpenSSH prior to version 10.4 allows a user to unintentionally place files in a parent directory when transferring files between two remote destinations. This behavior creates a potential security risk, as it may expose sensitive files that could be overwritten or leaked. Users should ensure they are running the latest version of OpenSSH to mitigate this risk.

Affected Version(s)

OpenSSH 0 < 10.4

References

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.