PatchSiren

kopia CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL kopia CVE published 2026-07-16

CVE-2026-45695

CVE-2026-45695 is a critical vulnerability in Kopia, a cross-platform backup tool. Prior to version 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists. This allows an attacker to supply SFTP storage configuration, which can lead to command injection through OpenSSH. The issue is fixed in version 0.23.0. The vulnerability has a CVSS score of [truncated]