CVE-2026-35385
ADVISORY - nistSummary
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
EPSS Score: 0.00039 (0.115)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Preservation of Permissions
ADVISORY - redhat
Improper Preservation of Permissions
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-35385
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-35385
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-35385
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-35385
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.1mediumAmazon
CREATED
UPDATED
ADVISORY IDALAS2-2026-3262
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AhighRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-35385
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2026-35385
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-