8.1

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenbsdOpenssh Version < 10.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.336
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cve@mitre.org 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 1.6 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://www.openssh.org/releasenotes.html#10.3p1
Release Notes
https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
Third Party Advisory
https://www.openwall.com/lists/oss-security/2026/04/02/3
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2454469
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35385.json
https://access.redhat.com/errata/RHSA-2026:12389
https://access.redhat.com/errata/RHSA-2026:13380
https://access.redhat.com/errata/RHSA-2026:13381
https://access.redhat.com/errata/RHSA-2026:13383
https://access.redhat.com/errata/RHSA-2026:14937
https://access.redhat.com/errata/RHSA-2026:16059
https://access.redhat.com/errata/RHSA-2026:19069
https://access.redhat.com/errata/RHSA-2026:19219
https://access.redhat.com/errata/RHSA-2026:20040
https://access.redhat.com/errata/RHSA-2026:21275
https://access.redhat.com/errata/RHSA-2026:21298
https://access.redhat.com/errata/RHSA-2026:21398
https://access.redhat.com/errata/RHSA-2026:22329
https://access.redhat.com/errata/RHSA-2026:22468
https://access.redhat.com/errata/RHSA-2026:22564
https://access.redhat.com/errata/RHSA-2026:22648
https://access.redhat.com/errata/RHSA-2026:25044
https://access.redhat.com/errata/RHSA-2026:25063
https://access.redhat.com/errata/RHSA-2026:25096
https://access.redhat.com/errata/RHSA-2026:25181
https://access.redhat.com/errata/RHSA-2026:26528
https://access.redhat.com/errata/RHSA-2026:26542
https://access.redhat.com/errata/RHSA-2026:28887
https://access.redhat.com/errata/RHSA-2026:28962
https://access.redhat.com/errata/RHSA-2026:30078
https://access.redhat.com/errata/RHSA-2026:30087
https://access.redhat.com/errata/RHSA-2026:30088
https://access.redhat.com/errata/RHSA-2026:30089
https://access.redhat.com/security/cve/CVE-2026-35385