🟠 CVE-2026-35385 - High (7.5)

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-35385/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack