CVE-2026-59995
ADVISORY - debianSummary
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
- openssh 1:10.4p1-1 https://www.openssh.org/releasenotes.html#10.4p1
Common Weakness Enumeration (CWE)
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-59995
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-