CVE-2026-35385 — Improper Preservation of Permissions in Openssh

CWE-281 — Improper Preservation of Permissions10 documents9 sources

Severity

7.5HIGHNVD

EPSS

0.0%

top 88.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedApr 2

Latest updateApr 3

Description

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5openbsd/openssh< 10.3

🔴Vulnerability Details

OSV

CVE-2026-35385: (In OpenSSH before 10↗2026-04-03

▶

CVEList

CVE-2026-35385: In OpenSSH before 10↗2026-04-02

▶

OSV

CVE-2026-35385: In OpenSSH before 10↗2026-04-02

▶

GHSA

GHSA-jgqr-738j-43cg: In OpenSSH before 10↗2026-04-02

▶

📋Vendor Advisories

Microsoft

CVE-2026-35385: Mariner: Mariner mitre: mitre Customer Action Required: Yes↗2026-04-02

▶

Red Hat

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode↗2026-04-02

▶

Debian

CVE-2026-35385: openssh - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setg...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-35385 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-35385 OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode↗2026-04-02

▶