You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
scp path traversal
About this tag
The scp path traversal tag covers a specific security vulnerability, CVE-2026-0964, found in libssh's SCP client API. This flaw allows a malicious SCP server to send a crafted path that tricks the client application into writing files outside the intended directory, potentially enabling arbitrary file writes. Discussions on WindowsForum.com focus on the technical details of the vulnerability, its risks, and available fixes or mitigations. The tag is relevant for IT professionals and security researchers concerned with SSH/SCP protocol implementations and path traversal attacks in enterprise environments.
Background
CVE-2026-0964 is a path traversal vulnerability in libssh’s SCP client API, specifically in ssh_scp_pull_request(). In practical terms, a malicious SCP server can feed a client an unexpected path and trick the application into writing a file somewhere other than the intended working...