CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-59995

mediumCVSS 4.2covered by 2 sourcesfirst seen 2026-07-02
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server.

CSIRTS triage

vendor: OpenSSHproduct: OpenSSHOtheraffected: before 10.4
What
The sftp command in OpenSSH does not properly constrain file download locations when used with an attacker-controlled server.
Who is affected
Deployments of OpenSSH before version 10.4 using sftp.
Urgency
Remediation is medium urgency as it could lead to unauthorized file access, but no exploitation has been reported.
Action
Upgrade to OpenSSH version 10.4 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-59995

Get an email if CVE-2026-59995 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-59995

CVE.org record

Embed the live status

CVE-2026-59995 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-59995 status](https://www.csirts.com/badge/CVE-2026-59995)](https://www.csirts.com/cve/CVE-2026-59995)