// #cve-2026-35386

1 article

🌐 Network

OpenSSH 10.3 Patches Shell Metacharacter Injection CVE-2026-35386 in Non-Default scp Configurations

OpenSSH 10.3, released April 26, addresses CVE-2026-35386, a shell metacharacter injection flaw in the scp client that can result in unintended remote command execution when transferring files from attacker-controlled servers. While exploitation requires non-default configuration, scp is still widely used in automated backup and deployment pipelines and should be updated promptly.
