Platform: linux
Component: openssh
Fixed in: 10.3
CVE-2026-35385 affects OpenSSH versions prior to 10.3. The problem occurs when the legacy scp protocol (-O) is used with root privileges and without preserving mode (-p). Downloaded files may then be installed with the setuid or setgid bit set, which is not what a user expects and can lead to privilege escalation. Upgrade to OpenSSH 10.3 to resolve this issue.
The core impact of CVE-2026-35385 is privilege escalation. An attacker who can cause an scp transfer to run as root could upload a malicious file and have it installed with setuid or setgid permissions. Such a file executes with the privileges of its owner (typically root), bypassing the usual access controls. The blast radius is significant: a successful exploit could grant complete control over the affected system. This is particularly concerning in environments where root access is routinely used for administrative transfers, since an attacker could use the vulnerability to gain persistent access and compromise the whole system. The legacy scp protocol's design, combined with the lack of mode preservation, is what makes this type of exploitation possible.
CVE-2026-35385 was published on April 2, 2026. Its severity is rated High with a CVSS score of 7.5. No Proof-of-Concept (PoC) exploits are currently publicly known. The EPSS score is pending evaluation, but the privilege-escalation potential suggests a medium to high probability of exploitation if a suitable exploit is developed and becomes publicly available. Prioritize patching, or implement mitigations to reduce the attack surface.
Exploit status
EPSS: 0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-35385 is upgrading OpenSSH to version 10.3 or later, which contains the fix. If immediate upgrading is not feasible, consider disabling the legacy scp protocol (-O) entirely. This can be achieved by modifying the OpenSSH server configuration file (sshd_config) and setting scp-protocol 1. Alternatively, ensure that the -p (preserve mode) flag is always used when performing scp transfers as root. Monitor system logs for suspicious scp activity, particularly transfers initiated by root users. Implement a Web Application Firewall (WAF) or proxy to inspect and filter scp traffic, blocking potentially malicious file transfers. A Sigma rule could be developed to detect the use of the legacy scp protocol with root privileges.
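As an added defender-side example (not code from the advisory or from the OpenSSH project), the following POSIX shell script performs two of the checks above: it parses an `ssh -V` banner and reports whether the release is older than the fixed version 10.3, and it lists files under a directory that carry the setuid or setgid bit, which is the symptom the advisory describes. The function names, the scratch directory and the sample files are constructed for the demonstration; only the 10.3 threshold and the setuid/setgid symptom come from the page.

```shell
#!/bin/sh
# Added example for CVE-2026-35385 (not from the advisory or OpenSSH itself).
# Function names and sample data are constructed; the "fixed in 10.3" threshold
# and the setuid/setgid symptom are taken from the advisory text.

# Return 0 (true) when the given `ssh -V` banner names an OpenSSH release
# older than 10.3, 1 when it is 10.3 or newer, 2 when it is not recognised.
openssh_needs_upgrade() {
    banner=$1
    # Extract "MAJOR MINOR" from e.g. "OpenSSH_9.9p1, OpenSSL 3.0.13 ..."
    ver=$(printf '%s\n' "$banner" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    major=$1; minor=$2
    if [ "$major" -lt 10 ]; then return 0; fi
    if [ "$major" -eq 10 ] && [ "$minor" -lt 3 ]; then return 0; fi
    return 1
}

# Print every regular file below $1 whose mode carries the setuid (4000) or
# setgid (2000) bit. Point this at directories that root-initiated scp
# downloads write into, to find files that arrived with unexpected mode bits.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Constructed demonstration: a scratch directory with one plain file and one
# file that has had the setuid bit set (no root needed on a file you own).
demo() {
    d=$(mktemp -d)
    printf 'plain\n' > "$d/plain.bin"
    printf 'elevated\n' > "$d/elevated.bin"
    chmod 4755 "$d/elevated.bin"
    echo "Files with setuid/setgid bits under $d:"
    find_setid_files "$d"
    rm -rf "$d"
}

# Check the locally installed client, if there is one (ssh -V prints to stderr).
if command -v ssh >/dev/null 2>&1; then
    banner=$(ssh -V 2>&1)
    rc=0
    openssh_needs_upgrade "$banner" || rc=$?
    case $rc in
        0) echo "$banner: older than 10.3, affected by CVE-2026-35385" ;;
        1) echo "$banner: 10.3 or newer, contains the fix" ;;
        *) echo "$banner: not an OpenSSH banner, cannot judge" ;;
    esac
fi
demo
```

The version check only looks at the major.minor pair, so a distribution that backports the fix into an older package version will still be reported as affected; confirm against your vendor's changelog in that case. The audit function is read-only and can be run on a schedule against upload directories as a cheap detection for the symptom the advisory describes.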
Upgrade OpenSSH to version 10.3 or later. This fixes the vulnerability that allows files downloaded with scp to be unexpectedly installed with setuid or setgid permissions when the -O option (legacy scp protocol) is used as root without the -p option (preserve mode).
It's a vulnerability in OpenSSH versions before 10.3 that allows files downloaded via scp as root to be installed with setuid/setgid permissions, potentially leading to privilege escalation.
If you're running any OpenSSH version before 10.3 (0 through 10.2), you are potentially affected. Check your OpenSSH version and upgrade if necessary.
Upgrade OpenSSH to version 10.3 or later. If upgrading isn't possible immediately, disable the legacy scp protocol (-O) or always use the -p (preserve mode) flag.
As of the publication date, there is no evidence of active exploitation, and no public PoCs are available.
Refer to the official OpenSSH security advisory and the NVD entry for CVE-2026-35385 for detailed information.