CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-59996

mediumCVSS 4.2covered by 2 sourcesfirst seen 2026-07-02
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.

CSIRTS triage

vendor: OpenSSHproduct: scpOtheraffected: before 10.4
What
scp may place a file in the parent directory of an intended directory during remote copy operations.
Who is affected
Deployments of OpenSSH scp before version 10.4 are affected.
Urgency
Remediation is medium due to the potential for misplacement of files.
Action
Upgrade OpenSSH to version 10.4 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-59996

Get an email if CVE-2026-59996 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (2)

External references

NVD record for CVE-2026-59996

CVE.org record

Embed the live status

CVE-2026-59996 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-59996 status](https://www.csirts.com/badge/CVE-2026-59996)](https://www.csirts.com/cve/CVE-2026-59996)