You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 0964
About this tag
CVE-2026-0964 is a path traversal vulnerability in libssh's SCP client API, specifically in the ssh_scp_pull_request() function. A malicious SCP server can send an unexpected path to trick the client into writing a file outside the intended working directory, potentially planting malicious executables. This tag covers discussions on the vulnerability's risks, available fixes, and mitigation strategies for systems using libssh. Topics include improper path sanitization, exploitation scenarios, and patching guidance for affected software. The content is relevant for system administrators, security professionals, and developers managing SSH/SCP implementations on Windows or other platforms.
Background
CVE-2026-0964 is a path traversal vulnerability in libssh’s SCP client API, specifically in ssh_scp_pull_request(). In practical terms, a malicious SCP server can feed a client an unexpected path and trick the application into writing a file somewhere other than the intended working...