The OpenSSH project has released version 10.3 with a fix for CVE-2026-35386, a shell metacharacter injection vulnerability in the scp (Secure Copy Protocol) client. The flaw allows a malicious or compromised remote server to inject arbitrary shell commands that are executed by the connecting scp client with the local user's privileges.
While CVE-2026-35386 carries a CVSS v3.1 base score of 3.6, placing it in the LOW severity range because it depends on an attacker-controlled remote server and a non-default configuration, its impact on automated infrastructure pipelines warrants prompt attention.
The Vulnerability
OpenSSH's scp client, when operating in legacy SCP protocol mode (as opposed to the newer SFTP subsystem), constructs a shell command string on the server side to enumerate and transfer files. If the remote server is compromised or malicious, it can return filenames containing shell metacharacters (such as backtick sequences, $() command substitution, semicolons, or pipe characters) that are interpreted by the client-side shell when the transfer output is processed.
The LOW CVSS rating reflects two limiting constraints: the attacker must control or compromise the remote server to which the client is connecting, and the client must be configured to use legacy SCP mode. However, two conditions make the practical risk higher than the base score suggests:
- Legacy SCP mode remains the default in many deployments. While OpenSSH has progressively encouraged migration to SFTP, the `-s` flag (SFTP mode) is not the default for `scp` invocations. Automated scripts inherited from older infrastructure frequently omit this flag.
- Supply chain attack scenarios. Automated CI/CD pipelines and backup systems that scp artefacts from build servers represent a supply chain vector. If the build server is compromised (as seen in the TeamPCP supply chain campaign documented earlier this month), the metacharacter injection path enables direct code execution on the engineering or production host that pulls the artefact.
Affected Versions
CVE-2026-35386 affects OpenSSH versions 8.9 through 10.2 (inclusive). OpenSSH 10.3 contains the fix. Note that this is a distinct vulnerability from CVE-2026-35385 (the scp setuid privilege preservation flaw patched in OpenSSH 10.2 and already covered by CipherWatch).
| Version Range | Status |
|---|---|
| < 8.9 | Not affected (legacy scp path differs) |
| 8.9 to 10.2 | Vulnerable |
| 10.3 | Fixed |
Distribution Status
Most major distributions ship OpenSSH from the 8.9 to 10.2 range; distribution security teams are expected to issue backported patches for stable releases within the coming days. Operators should check:
- RHEL/AlmaLinux/Rocky: `openssh-8.7p1` on RHEL 9; watch for an RHSA advisory
- Ubuntu 22.04/24.04: `1:8.9p1` and `1:9.6p1` respectively; Ubuntu Security Notice pending
- Debian 12: `1:9.2p1`; DSA expected from the Debian Security Team
Recommended Actions
- Upgrade to OpenSSH 10.3 on all systems where it is available; for distribution-managed packages, apply the distribution backport once issued.
- Migrate automated pipelines to SFTP mode: add the `-s` or `--sftp` flag to all `scp` invocations in CI/CD scripts, cron jobs, and backup automation; or replace scp usage with `rsync --rsh=ssh` or native SFTP tooling.
- Audit scp usage in automation: grep deployment scripts, Jenkinsfiles, GitLab CI configurations, and cron jobs for `scp` invocations that target servers not under your direct control.
- Review server trust boundaries: scp from untrusted or externally hosted servers should be treated as a high-risk operation; validate server host keys and consider prohibiting scp in favour of checksum-verified file downloads where possible.
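As an added illustration of the audit step above (example code written for this article, not from OpenSSH or the advisory), the following Python scanner tokenizes shell-style automation files, finds `scp` invocations that do not explicitly request SFTP mode (no `-s`/`--sftp`, or `-O` forcing legacy SCP), and lists the remote hosts each one touches against an operator-supplied trust list. The sample script content and host names are constructed; the option list follows scp(1), and the "later of -s/-O wins" rule is an assumption about getopt-style parsing.

```python
import re
import shlex
from itertools import takewhile
OPTS_WITH_ARG = set("cDFiJloPSX")  # scp(1) options that consume a value
SEPARATORS = {";", "&&", "||", "|", "&", "(", ")"}
HOST_RE = re.compile(r"^(?:[^@/:]+@)?([^@/:]+):")  # [user@]host:path operand

def scp_mode_and_hosts(args):
    """mode is 'sftp', 'scp' (legacy forced by -O) or None (not requested); later of -s/-O wins (assumed)."""
    mode, hosts, skip = None, [], False
    for a in args:
        if skip:
            skip = False
        elif a == "--sftp":
            mode = "sftp"
        elif a.startswith("-") and len(a) > 1:
            for j, ch in enumerate(a[1:]):  # combined short flags, e.g. -rs
                if ch in "sO":
                    mode = "sftp" if ch == "s" else "scp"
                elif ch in OPTS_WITH_ARG:
                    skip = j == len(a) - 2  # value is the next token unless attached
                    break
        elif m := HOST_RE.match(a):
            hosts.append(m.group(1))
    return mode, hosts

def audit_script(text, trusted_hosts=frozenset()):
    """(line_no, hosts, untrusted_hosts) for each scp call that does not request SFTP mode."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        lex = shlex.shlex(line, posix=True, punctuation_chars=True)
        lex.whitespace_split = True  # quotes honoured, # comments dropped, host:path kept whole
        try:
            toks = list(lex)
        except ValueError:  # unbalanced quotes: nothing parseable on this line
            continue
        for i, t in enumerate(toks):
            if t.rsplit("/", 1)[-1] == "scp":  # bare scp or /usr/bin/scp
                args = list(takewhile(lambda a: a not in SEPARATORS, toks[i + 1:]))
                mode, hosts = scp_mode_and_hosts(args)
                if mode != "sftp":
                    findings.append((n, hosts, [h for h in hosts if h not in trusted_hosts]))
    return findings

SAMPLE = """# constructed CI fragment for the demo; hosts are placeholders
scp -r builder.example.net:/srv/artifacts/app.tar.gz /opt/deploy/  # no -s
cd /tmp && scp -q -i ~/.ssh/id_ed25519 deploy@mirror.example.org:dist/* . ; echo done
scp -s -P 2222 builder.example.net:/srv/artifacts/app.tar.gz /opt/deploy/
scp -s -O ci@external-mirror.example.com:pkg.deb /var/cache/
/usr/bin/scp ./local.txt backup.example.net:/backups/"""
```

Run `audit_script(SAMPLE, {"builder.example.net", "backup.example.net"})` to see lines 2, 3, 5 and 6 flagged, with the mirror hosts on lines 3 and 5 reported as untrusted.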