CVE-2026-35385

HIGH EPSS 20.6%
Published Apr 2, 20262mo ago · Modified Jun 17, 20261w ago
8.1 CVSS 3.1
High
Find Similar
Published Apr 2, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

CVSS Details

Base Score
8.1
Exploitability
2.2
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
20.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-281

Affected Products 1

VendorProductVersionRange
openbsdopenssh* <10.3

References 3

  • marc.info https://marc.info/?l=openssh-unix-dev&m=177513443901484&w=2
    Third Party Advisory
  • openssh.org https://www.openssh.org/releasenotes.html#10.3p1
    Release Notes
  • openwall.com https://www.openwall.com/lists/oss-security/2026/04/02/3
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.