CVE-2026-35385

ADVISORY - nist

Summary

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

EPSS Score⁠: 0.00059 (0.183)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-281⁠

Improper Preservation of Permissions

ADVISORY - redhat

CWE-281⁠

Improper Preservation of Permissions

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

24 days ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠

CVSS SCORE

7.5high

Alpine

CREATED

23 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

2 months ago

UPDATED

5 days ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 months ago

UPDATED

21 days ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.1medium

Alma

CREATED

17 days ago

UPDATED

16 days ago

ADVISORY IDALSA-2026:13381⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Alma

CREATED

17 days ago

UPDATED

16 days ago

ADVISORY IDALSA-2026:13383⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

23 days ago

UPDATED

21 days ago

ADVISORY IDALAS2-2026-3262⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Amazon

CREATED

23 days ago

UPDATED

20 days ago

ADVISORY IDALAS2023-2026-1604⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠

CVSS SCORE

7.5high

Rocky

CREATED

15 days ago

UPDATED

15 days ago

ADVISORY IDRLSA-2026:13383⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-13380⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-13381⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

16 days ago

UPDATED

16 days ago

ADVISORY IDELSA-2026-13383⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Photon

CREATED

24 days ago

UPDATED

7 days ago

ADVISORY ID

CVE-2026-35385

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.1high