5 matches found
CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write
Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...
Wish has SCP Path Traversal that allows arbitrary file read/write
The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...
SUSE-SU-2026:1344-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2026-3731: denial of service via out-of-bounds read in SFTP extension name handler bsc1259377. - CVE-2026-0964: SCP protocol path traversal in sshscppullrequest bsc1258049. - CVE-2026-0965: possible denial of service when parsing unexpected...
Medium: libssh
Issue Overview: libssh: SCP Protocol Path Traversal in sshscppullrequest CVE-2026-0964 libssh: Specially crafted patterns could cause DoS CVE-2026-0967 Affected Packages: libssh Issue Correction: Run dnf update libssh --releasever 2023.10.20260325 or dnf update --advisory ALAS2023-2026-1472...
EUVD-2026-16326
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...