{"uuid": "17743ea9-80fc-4a35-98d2-341936e24372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-59995", "type": "seen", "source": "https://bsky.app/profile/bootintel.bsky.social/post/3mqbbbatvik2g", "content": "MEDIUM severity CVE just published in OpenSSH:\n\nCVE-2026-59995. sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when \"sftp server:/path .\" is used with an attacker-controlled server.\n\nnvd.nist.gov/vuln/detail/CVE-2026-59995", "creation_timestamp": "2026-07-10T04:02:17.297972Z"}