VDB

CISA-2026-0964

CISA-2026-0964 PUBLISHED CVSS 5 MEDIUM

Reported by redhat · Published March 26, 2026

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

Risk Scores

CVSS 3.0
5
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat OpenShift Container Platform 4
Red HatRed Hat Enterprise Linux 9
Red HatRed Hat Enterprise Linux 10
Red HatRed Hat Enterprise Linux 8
Red HatRed Hat Enterprise Linux 7
Red HatRed Hat Enterprise Linux 6

Timeline

  • Mar 26, 2026 CVE Published
  • Mar 26, 2026 CVE Updated

References

  • vdb-entryx_refsource_REDHAT
  • RHBZ#2436979 issue-trackingx_refsource_REDHAT
Open in Interactive Console →
$ Console Community · 100/wk Open console ›