PT-2026-56288 · Openssh · Openssh
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-59997
CVSS v3.1
4.2
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenSSH versions prior to 10.4
Description
The
internal-sftp component in sshd only recognizes the first 9 command-line arguments. This limitation may compromise security properties if critical configuration arguments are placed beyond the ninth position and are consequently ignored by the system.Recommendations
Update to OpenSSH version 10.4 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openssh