What is CVE-2026-0964?

CVE-2026-0964 is a medium-severity vulnerability in Libssh, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-03-26.

How severe is CVE-2026-0964?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Path Traversal in Libssh

CVE-2026-0964

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execut…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (1.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L.

Affected products

Libssh
Red Hat Enterprise Linux 10 — versions 0:0.12.0-2.el10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9 — versions 0:0.10.4-18.el9
Red Hat Hardened Images
Red Hat Openshift Container Platform 4
Redhat Enterprise_linux — versions 8.0, 9.0, 10.0
Redhat Hardened_images

Weakness classification (CWE)

CWE-22 — Path Traversal

References

secalert@redhat.com (x_refsource_REDHAT, Mitigation, vdb-entry, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking, Vendor Advisory)
secalert@redhat.com (Release Notes)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2026-0964?: CVE-2026-0964 is a medium-severity vulnerability in Libssh, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-03-26.
How severe is CVE-2026-0964?: Medium severity. CVSS v3 base score is 6.3 out of 10.