CVE-2026-35385
EUVD-2026-1839802.04.2026, 17:16
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openssh | 𝑥 < 10.3 |
𝑥
= Vulnerable software versions
Debian Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| openssh |
| ||||||||||||||||
| openssh-askpass |
| ||||||||||||||||
| openssh-cavs |
| ||||||||||||||||
| openssh-clients |
| ||||||||||||||||
| openssh-keycat |
| ||||||||||||||||
| openssh-ldap |
| ||||||||||||||||
| openssh-server |
| ||||||||||||||||
| pam |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| openssh |
| ||||
| openssh-askpass |
| ||||
| openssh-cavs |
| ||||
| openssh-clients |
| ||||
| openssh-clients-debuginfo |
| ||||
| openssh-debuginfo |
| ||||
| openssh-debugsource |
| ||||
| openssh-keycat |
| ||||
| openssh-keycat-debuginfo |
| ||||
| openssh-ldap |
| ||||
| openssh-server |
| ||||
| openssh-server-debuginfo |
| ||||
| openssh-server-sysvinit |
| ||||
| pam_ssh_agent_auth |
| ||||
| pam_ssh_agent_auth-debuginfo |
|
Common Weakness Enumeration
References