CVE-2026-59995
EUVD-2026-4213708.07.2026, 01:16
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openbsd | openssh | 𝑥 < 10.4 | CNA |
Debian Releases
Vulnerability Media Exposure