CVE-2026-45695 Kopia: Unauthenticated RCE via SSH ProxyCommand Injection when --insecure --without-password is used
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists a...