CVE-2026-59995

Published Jul 8, 2026

Last updated 2 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-59995 is a path traversal vulnerability found in the `sftp` client of OpenSSH versions prior to 10.4. This flaw arises when a user employs the command "sftp server:/path ." to download files from an attacker-controlled server. The `sftp` client, in this scenario, does not adequately restrict the destination of the downloaded files. This inadequate constraint allows a malicious server to influence the local file operations on the client's system. By exploiting this, an attacker could potentially specify arbitrary local file system locations for downloaded content, leading to the overwriting of critical system files or the placement of malicious payloads in privileged directories.

Description
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.
Source
cve@mitre.org
NVD status
Analyzed
Products
openssh

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Severity
MEDIUM

Weaknesses

cve@mitre.org
CWE-23

Social media

Hype score
Not currently trending

Configurations