CVE-2026-0964
Modified Modified - Updated After Analysis
Path Traversal in SCP Client Allows Arbitrary File Overwrite

Publication date: 2026-03-26

Last updated on: 2026-05-19

Assigner: Red Hat, Inc.

Description
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0964
EUVD
EUVD-2026-16326
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 8.0
redhat openshift_container_platform 4.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
redhat hardened_images *
libssh libssh to 0.11.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

This vulnerability arises from improper sanitation of file paths received from SCP servers in libssh clients, allowing malicious servers to overwrite local files outside the working directory.

To mitigate this vulnerability, you should update libssh to a version where this issue is fixed.

Additionally, avoid using SCP clients that rely on vulnerable versions of libssh when connecting to untrusted servers.

Impact Analysis

This vulnerability can allow a malicious SCP server to overwrite local files outside of the expected directory on your system.

An attacker could use this to create or modify malicious executable or configuration files on your client system.

Under specific conditions, this could lead to execution of harmful code, potentially compromising your system's security.

Executive Summary

CVE-2026-0964 is a security vulnerability in libssh related to improper sanitation of file paths received from SCP servers.

A malicious SCP server can send crafted paths that cause the libssh client to overwrite local files outside of its intended working directory.

This flaw can be exploited to create or modify malicious executable or configuration files on the client system, potentially leading to execution of harmful code under certain conditions.

It is analogous to the previously known OpenSSH vulnerability CVE-2019-6111.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0964. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart