Directory Traversal Vulnerability in OpenSSH by The OpenBSD Foundation
CVE-2026-59996
4.2MEDIUM
What is CVE-2026-59996?
A vulnerability in the scp command of OpenSSH prior to version 10.4 allows a user to unintentionally place files in a parent directory when transferring files between two remote destinations. This behavior creates a potential security risk, as it may expose sensitive files that could be overwritten or leaked. Users should ensure they are running the latest version of OpenSSH to mitigate this risk.
Affected Version(s)
OpenSSH 0 < 10.4