PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-0964 Redhat CVE debrief

CVE-2026-0964 describes a path-handling flaw in SCP transfers where a malicious server can send unexpected paths and cause the client to overwrite files outside the intended working directory. The issue can be abused to place malicious executables or configuration files and influence what the user runs. NVD maps the issue to CWE-22 and scores it CVSS 6.3 (Medium). The description says this is the same issue as OpenSSH CVE-2019-6111.

Vendor: Redhat
Product: Unknown
CVSS: MEDIUM 6.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-26
Original CVE updated: 2026-05-19
Advisory published: 2026-03-26
Advisory updated: 2026-05-19

Who should care

Administrators and developers using libssh-based SCP workflows, especially where files are pulled from servers that are not fully trusted. Red Hat customers running affected libssh packages, hardened images, OpenShift Container Platform, or Enterprise Linux deployments should also review vendor remediation.

Technical summary

The vulnerability is triggered when an SCP server returns unexpected paths that the client does not sufficiently constrain to the working directory. That can let a server-controlled transfer write files outside the intended destination. In the supplied data, NVD marks libssh versions before 0.11.4 as vulnerable and lists Red Hat hardened_images, OpenShift Container Platform 4.0, and Enterprise Linux 8/9/10 CPEs as affected. The CVSS vector is AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L, indicating network reachability but requiring user interaction.
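As an added illustration (not code from libssh, OpenSSH or Red Hat), the following Python models the client-side check this class of flaw is missing: every name in the server's SCP control stream is forced to be a single path component, directory nesting is tracked so an end-of-directory marker cannot climb above the destination, and the resolved target is confirmed to stay under the destination directory. The control-line format follows the one scp implementations exchange; the sample lines are constructed for the example.

```python
import posixpath

# Constructed sample of the control lines an SCP source sends to the sink:
# "C<mode> <size> <name>" announces a file, "D<mode> 0 <name>" enters a
# directory, and "E" leaves it. A malicious server controls every field.
SAMPLE_LINES = [
    "C0644 12 report.txt",   # ok: plain file name
    "D0755 0 logs",          # ok: subdirectory, descend
    "C0644 5 today.log",     # ok: file inside logs/
    "E",                     # ok: ascend back to the destination
    "E",                     # bad: would ascend above the destination
    "C0755 99 ../.bashrc",   # bad: traversal component
    "C0644 3 /etc/hosts",    # bad: absolute path
    "C0644 3 sub/evil.sh",   # bad: embedded separator
]

def safe_component(name: str) -> bool:
    """A server-supplied name must be exactly one path component."""
    return (bool(name) and name not in (".", "..")
            and not any(c in name for c in "/\\\0\n"))

def parse_control(line: str):
    """Return (kind, mode, size, name); None if the line is malformed."""
    if line == "E":
        return ("E", None, None, None)
    if len(line) < 8 or line[5] != " ":
        return None
    size, _, name = line[6:].partition(" ")
    return (line[0], line[1:5], int(size), name) if size.isdigit() else None

def confine_transfer(dest_dir: str, lines):
    """Walk the control stream; return (accepted_paths, rejected_lines)."""
    accepted, rejected = [], []
    stack = [dest_dir]                       # directory we are currently writing into
    for line in lines:
        parsed = parse_control(line)
        if parsed is None or parsed[0] not in ("C", "D", "E"):
            rejected.append(line)
            continue
        kind, _mode, _size, name = parsed
        if kind == "E":
            if len(stack) == 1:
                rejected.append(line)        # "E" at the top would escape dest_dir
            else:
                stack.pop()
            continue
        target = posixpath.join(stack[-1], name)
        # Component check plus a normalised-path check so nothing lands outside dest_dir.
        if not safe_component(name) or \
           posixpath.commonpath([dest_dir, posixpath.normpath(target)]) != dest_dir:
            rejected.append(line)
            continue
        accepted.append(target)
        if kind == "D":
            stack.append(target)
    return accepted, rejected
```

`dest_dir` is assumed to be an absolute, already-normalised path; a sink that also requested a specific file name should additionally compare `name` against that request.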

Defensive priority

Moderate. Prioritize remediation where SCP is used to receive files from untrusted or semi-trusted servers, or where the affected Red Hat/libssh packages are deployed in production.

Recommended defensive actions

  • Upgrade libssh to 0.11.4 or later, or apply the corresponding vendor-fixed packages for your platform.
  • Apply Red Hat advisories RHSA-2026:18160 and RHSA-2026:18683 where they match your environment.
  • Review any workflows that fetch files over SCP from untrusted servers and treat resulting file paths as untrusted input.
  • Check for unexpected files written outside the intended transfer directory after SCP activity, especially executables and configuration files.
  • Use the Red Hat CVE advisory page and libssh security release notes to confirm the exact fixed package set for your distribution.

Evidence notes

Supported by the supplied CVE description, which states that a malicious SCP server can send unexpected paths and overwrite files outside the working directory, and that it is the same issue as OpenSSH CVE-2019-6111. NVD metadata in the source corpus marks the issue as CWE-22 with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The NVD CPE data marks libssh versions before 0.11.4 as vulnerable and lists Red Hat hardened images, OpenShift Container Platform 4.0, and Enterprise Linux 8/9/10 as affected. No exploit steps or unverified impact claims are included.

Official resources

Publicly published on 2026-03-26T21:17:00.393Z and last modified on 2026-05-19T14:16:32.177Z.