Product
CVE-2026-59995 describes a vulnerability in the OpenSSH sftp client, specifically versions before 10.4, that allows an attacker to control the location of downloaded files when a user executes 'sftp server:/path .' against an attacker-controlled server, potentially leading to arbitrary file placement and subsequent system compromise.