Main Vulnerability Database Vulnerabilities #VU128475

Improper privilege management in OpenSSH - CVE-2026-35385

Published: April 29, 2026

Vulnerability identifier: #VU128475

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-35385

CWE-ID: CWE-269

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
OpenSSH

Software vendor:
OpenSSH

Description

The vulnerability allows a local privileged user to create files with unintended setuid or setgid bits.

The vulnerability exists due to improper privilege management in scp(1) when downloading files in legacy (-O) mode as root without the -p flag set. A local privileged user can download a file with crafted mode bits to create files with unintended setuid or setgid bits.

The issue occurs only in legacy mode and only when files are downloaded as root without preserving modes.

Remediation

Install security update from vendor's website.

External links

https://www.openssh.org/releasenotes.html#10.3

Improper privilege management in OpenSSH - CVE-2026-35385

Description

Remediation

External links

Please verify you're human