294 matches found
CVE-2026-59996
A flaw was found in OpenSSH, a widely used tool for secure remote access. When a user attempts to copy files between two different remote systems using the scp command, the file might be incorrectly placed in a directory above the intended destination. This unintended file placement could lead to...
DEBIAN-CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-59997
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...
CVE-2026-9547
A flaw was found in curl. When a libcurl-based application uses SCP:// or SFTP:// for transfers and employs the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This occurs if the server's host key type differs from the one stored in the knownhosts file. The callback...
CVE-2026-5268
An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...
EUVD-2026-41884
An authentication bypass vulnerability exists in the default SFTP server component utilized across the Ciena products listed. This vulnerability allows a remote, unauthenticated attacker to bypass security controls and gain unauthorized access to the underlying filesystem. Successful exploitation...
PT-2026-55943
Name of the Vulnerable Software and Affected Versions Ciena products affected versions not specified Description An authentication bypass exists in the default SFTP server component. This allows a remote, unauthenticated attacker to circumvent security controls and gain unauthorized access to the...
ALPINE-CVE-2026-9547
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
ALPINE-CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-9547 SSH improper host validation
When a libcurl-based application performs transfers via SCP:// or SFTP:// and utilizes the CURLOPTSSHKEYFUNCTION callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for th...
CVE-2026-9547
The CVE-2026-9547 issue affects libcurl when performing SCP/SFTP transfers with CURLOT_SSH_KEYFUNCTION in the SSH key callback. A host-key type mismatch for a known_hosts entry may be silently accepted, bypassing the intended validation and allowing connections to succeed without warning, which e...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
EUVD-2026-41502
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064 proto-default skips SSH verification
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
CVE-2026-12064
When a user invokes curl using a schemeless URL combined with --proto-default sftp or scp, a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like...
Linux Distros Unpatched Vulnerability : CVE-2026-53422
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and...
EUVD-2026-41413
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
CVE-2026-54886
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...
EEF-CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop
Summary Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle\data/4 function in ssh\sftpd contains a catch-all clause that accepts channel data of any...