Bug 2497929 (CVE-2026-59997) - CVE-2026-59997 openssh: OpenSSH: SFTP security bypass due to command-line argument parsing flaw
Summary: CVE-2026-59997 openssh: OpenSSH: SFTP security bypass due to command-line arg...
Keywords:
Status: NEW
Alias: CVE-2026-59997
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-08 01:01 UTC by OSIDB Bzimport
Modified: 2026-07-08 06:02 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-08 01:01:32 UTC
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.


Note You need to log in before you can comment on or make changes to this bug.