Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Fedora 44 OpenSSH Critical Remote Copy Misplacement CVE-2026-59996

fedora
Calendar Grey July 19, 2026
Scroller Fedora
Fedora 44 openssh updates address critical issues including remote file misplacement and use-after-free vulnerabilities. Upgrade now.
CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host CVE-2026-60002...

Summary

SSH (Secure SHell) is a program for logging into and executing

commands on a remote machine. SSH is intended to replace rlogin and

rsh, and to provide secure encrypted communications between two

untrusted hosts over an insecure network. X11 connections and

arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing

it up to date in terms of security and features.

This package includes the core files necessary for both the OpenSSH

client and server. To make this package useful, you should also

install openssh-clients, openssh-server, or both.

Update Information:

CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange

Change Log

* Fri Jul 17 2026 Zoltan Fridrich - 10.2p1-13 - CVE-2026-59996: Fix remote glob result of ".." causing files to be placed in unintended parent directories when scp performs remote-to-remote copy via the local host Resolves: rhbz#2498027 - CVE-2026-60002: Fix use-after-free in cached hostkey during key re-exchange Resolves: rhbz#2497966

References


[ 1 ] Bug #2497966 - CVE-2026-60002 openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2497966 [ 2 ] Bug #2498027 - CVE-2026-59996 openssh: OpenSSH: `scp` file misplacement vulnerability during remote copy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2498027

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c9d8542bb3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openssh
Product: Fedora 44
Version: 10.2p1
Release: 13.fc44
Summary: An open source implementation of SSH protocol version 2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.