
CVE-2026-0964

Libssh: improper sanitation of paths received from scp servers

Published: 3/26/2026 Last updated: 5/19/2026 Reserved: 1/14/2026

A malicious SCP server can send unexpected paths that could make the client application overwrite local files outside of the working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific circumstances. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

| Version | Score | Severity | Vector String |
|---|---|---|---|
| 3.0 | 5 | Medium | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L |

Opam packages affected (1)

libssh

Products affected (16)

| Product | Vendor | Version |
|---|---|---|
| Red Hat Enterprise Linux 10 | Red Hat | curl and libcurl before 7.57.0 |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 8 | Red Hat | 7.45 |
| Red Hat Enterprise Linux 10 | Red Hat | Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312) |
| Red Hat Enterprise Linux 9 | Red Hat | n/a |
| Red Hat Enterprise Linux 9 | Red Hat | 32-bit Systems Service Pack 1 |
| Red Hat Enterprise Linux 8 | Red Hat | Windows RT 8.1 |
| Red Hat Enterprise Linux 7 | Red Hat | (Server Core installation) |
| Red Hat Enterprise Linux 6 | Red Hat | x64-based Systems Service Pack 1 |
| Red Hat Hardened Images | Red Hat | 7.49 |
| Red Hat Hardened Images | Red Hat | 32-bit Systems Service Pack 2 |
| Red Hat Enterprise Linux 6 | Red Hat | 7.20 |
| Red Hat Enterprise Linux 7 | Red Hat | 7.20EXT |
| Red Hat OpenShift Container Platform 4 | Red Hat | 32-bit Systems Service Pack 2 (Server Core installation) |
| Red Hat OpenShift Container Platform 4 | Red Hat | 7.53 |

References (10)

Credits (2)