VDB
CVE-2026-35385
CVE-2026-35385
PUBLISHED
CVSS 7.5 HIGH
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
EPSS 0.06% · 18.5th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.06%
18.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openbsd | openssh | 0 |
| OpenBSD | OpenSSH | 0 |
Timeline
- Apr 2, 2026 CVE Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 PoC Published
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 4, 2026 Distribution Patch
- May 4, 2026 Security Advisory
- May 4, 2026 Distribution Patch
- May 4, 2026 Security Advisory
- May 5, 2026 Distribution Patch
References
- https://www.openssh.org/releasenotes.html#10.3p1 url
- https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2 url
- https://www.openwall.com/lists/oss-security/2026/04/02/3 url
- https://www.ibm.com/support/pages/node/7274185 advisory
- https://www.ibm.com/support/pages/node/7274154 advisory
- https://www.ibm.com/support/pages/node/7274180 advisory
- https://www.ibm.com/support/pages/node/7274183 advisory
- https://www.ibm.com/support/pages/node/7273957 advisory
- https://www.ibm.com/support/pages/node/7274184 advisory
- https://www.ibm.com/support/pages/node/7274314 advisory
- https://www.ibm.com/support/pages/node/7274182 advisory
- https://www.ibm.com/support/pages/node/7274181 advisory
- https://www.ibm.com/support/pages/node/7273803 advisory
- https://www.ibm.com/support/pages/node/7272901 advisory