VDB
CISA-2026-0964
CISA-2026-0964
PUBLISHED
CVSS 5 MEDIUM
Reported by redhat · Published March 26, 2026
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.
Risk Scores
CVSS 3.0
5
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat OpenShift Container Platform 4 | |
| Red Hat | Red Hat Enterprise Linux 9 | |
| Red Hat | Red Hat Enterprise Linux 10 | |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 6 |
Timeline
- Mar 26, 2026 CVE Published
- Mar 26, 2026 CVE Updated
References
- vdb-entryx_refsource_REDHAT
- RHBZ#2436979 issue-trackingx_refsource_REDHAT