CVE-2026-0964

MEDIUM

Libssh: improper sanitation of paths received from scp servers

Title source: cna

Description

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.

References (5)

Core 5

Core References

https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2026-0964

Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat

RHBZ#2436979

https://bugzilla.redhat.com/show_bug.cgi?id=2436979

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:18160

https://access.redhat.com/errata/RHSA-2026:18160

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:18683

https://access.redhat.com/errata/RHSA-2026:18683

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (15)

libssh/libssh < 0.11.4

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 10 0:0.12.0-2.el10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat Enterprise Linux 9 0:0.10.4-18.el9

Red Hat/Red Hat Hardened Images

Red Hat/Red Hat OpenShift Container Platform 4

... and 5 more

Published Mar 26, 2026

Tracked Since Mar 27, 2026