CVE-2026-0964: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat Enterprise Linux 10
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.
AI Analysis
Technical Summary
This vulnerability involves improper limitation of pathnames in the SCP client of Red Hat Enterprise Linux 10. When connecting to a malicious SCP server, the client may accept unexpected pathnames that allow overwriting of local files outside the working directory. This can lead to the creation of malicious executables or configuration files, potentially resulting in execution under certain conditions. The vulnerability is analogous to CVE-2019-6111 in OpenSSH. The CVSS 3.0 vector indicates network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, and low impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows a remote attacker controlling an SCP server to cause the SCP client to overwrite arbitrary files on the client system outside the intended directory. This could lead to the creation of malicious executables or configuration files, which might be executed by the user, potentially compromising the client system. The impact is rated medium with limited confidentiality, integrity, and availability impact as per the CVSS score.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-0964 for current remediation guidance. Until an official fix is available, users should exercise caution when using SCP with untrusted servers. No vendor advisory content explicitly states that no action is required or that the issue is already mitigated.
CVE-2026-0964: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat Enterprise Linux 10
Description
A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves improper limitation of pathnames in the SCP client of Red Hat Enterprise Linux 10. When connecting to a malicious SCP server, the client may accept unexpected pathnames that allow overwriting of local files outside the working directory. This can lead to the creation of malicious executables or configuration files, potentially resulting in execution under certain conditions. The vulnerability is analogous to CVE-2019-6111 in OpenSSH. The CVSS 3.0 vector indicates network attack vector, high attack complexity, no privileges required, user interaction required, unchanged scope, and low impact on confidentiality, integrity, and availability.
Potential Impact
The vulnerability allows a remote attacker controlling an SCP server to cause the SCP client to overwrite arbitrary files on the client system outside the intended directory. This could lead to the creation of malicious executables or configuration files, which might be executed by the user, potentially compromising the client system. The impact is rated medium with limited confidentiality, integrity, and availability impact as per the CVSS score.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-0964 for current remediation guidance. Until an official fix is available, users should exercise caution when using SCP with untrusted servers. No vendor advisory content explicitly states that no action is required or that the issue is already mitigated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-01-14T21:54:31.925Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-0964","vendor":"Red Hat"}]
Threat ID: 69c59e483c064ed76fcd549f
Added to database: 3/26/2026, 8:59:52 PM
Last enriched: 5/9/2026, 2:13:40 AM
Last updated: 5/10/2026, 9:30:37 AM
Views: 76
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.