CVE-2026-35385

ADVISORY - nist

Summary

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-281⁠

Improper Preservation of Permissions

Impacted images

Advisories

NIST

CREATED

8 hours ago

UPDATED

8 hours ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-281⁠

CVSS SCORE

7.5high

Debian

CREATED

3 hours ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-35385⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY