SCP Client Path Traversal Allowing Local File Overwrite (CVE-2026-0964)
CVE-2026-0964 Published on March 26, 2026

Libssh: improper sanitation of paths received from scp servers
A malicious SCP server can send unexpected paths that cause the client application to overwrite local files outside of the working directory. This could be misused to create malicious executables or configuration files and make the user execute them under specific circumstances. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

NVD

Timeline

Reported to Red Hat.

Made public 6 days later.

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2026-0964 has been classified as a Directory traversal vulnerability or weakness.
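As an added illustration of the neutralization step described above (this is not libssh's code or its patch), the following C sketch shows a client-side check on the file name carried in an SCP file record of the form "C<mode> <size> <name>". The function names are hypothetical, and rejecting backslashes is a conservative assumption.

```c
#include <stdio.h>
#include <string.h>

/* Accept only a single plain path component: no separators, not "." or "..". */
static int scp_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0' || !strcmp(name, ".") || !strcmp(name, ".."))
        return 0;
    /* Backslash is rejected too (conservative assumption for portability). */
    return strchr(name, '/') == NULL && strchr(name, '\\') == NULL;
}

/* Hypothetical helper: parse a server-sent record "C<mode> <size> <name>\n".
 * Returns 0 and copies the name into out only if it is well formed and safe. */
int scp_parse_file_header(const char *line, char *out, size_t outlen)
{
    unsigned int mode;
    unsigned long long size;
    int off = -1;
    const char *p;
    size_t n;
    if (line == NULL || out == NULL || outlen == 0 || line[0] != 'C')
        return -1;
    out[0] = '\0';
    if (sscanf(line + 1, "%4o %llu%n", &mode, &size, &off) != 2 || off < 0)
        return -1;
    p = line + 1 + off;
    if (*p++ != ' ')
        return -1;
    n = strcspn(p, "\n");
    if (p[n] != '\n' || n == 0 || n >= outlen)
        return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    if (!scp_name_is_safe(out)) {
        out[0] = '\0';   /* never hand a rejected name back to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample records, not captured traffic. */
    const char *recs[] = { "C0644 12 report.txt\n", "C0644 12 ../outside.txt\n", "C0644 12 ..\n" };
    char name[256];
    for (size_t i = 0; i < sizeof recs / sizeof recs[0]; i++)
        printf("%d\n", scp_parse_file_header(recs[i], name, sizeof name));
    return 0;
}
```

The check is lexical only: it does not address symbolic links that already exist in the destination directory.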



Affected Versions

Red Hat Enterprise Linux 10:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 7:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 9:
Red Hat OpenShift Container Platform 4: