CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when “sftp server:/path .” is used with an attacker-controlled server.

Information published. Continue reading CVE-2026-59995 sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when “sftp server:/path .” is used with an attacker-controlled server.

CVE-2026-59997 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.

Information published. Continue reading CVE-2026-59997 internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.