CRITICAL
kopia
CVE published 2026-07-16
CVE-2026-45695
CVE-2026-45695 is a critical vulnerability in Kopia, a cross-platform backup tool. Prior to version 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists. This allows an attacker to supply SFTP storage configuration, which can lead to command injection through OpenSSH. The issue is fixed in version 0.23.0. The vulnerability has a CVSS score of [truncated]