CVE-2026-59996

Published: July 11, 2026Last modified: July 16, 2026

Description

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

Severity score breakdown

ParameterValue
Base score5.4
Attack VectorNETWORK
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactLOW
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux25 LTSopensshFixed (10.4_p1-r0)
StreamopensshFixed (10.4_p1-r0)
Hardened Containers25 LTSopensshFixed (10.4_p1-r0)
StreamopensshFixed (10.4_p1-r0)

References

ON THIS PAGE