{}

{}

{}

{"acknowledgement": "Red Hat would like to thank CTyun (Red-Shield Security Lab) and Jakub Jelen (libssh) for reporting this issue.", "bugzilla": {"description": "libssh: Improper sanitation of paths received from SCP servers", "id": "2436979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436979"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-22", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Do not use SCP! SCP is deprecated for several years and will\nbe removed in future releases!\nIf you have to, the application MUST validate the path returned\nfrom `ssh_scp_request_get_filename()` is the path the application\nrequested. The libssh does not do any writing in this case."}, "name": "CVE-2026-0964", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-02-10T18:44:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0964\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0964"], "threat_severity": "Moderate"}

{}