CVE-2026-45695
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with –without-password accepts unauthenticated requests to /api/v1/repo/exists and forwards attacker-supplied SFTP storage configuration to blob.NewStorage, where externalSSH: true and sshArguments containing -oProxyCommand=<cmd> can cause exec.CommandContext("ssh") to invoke the command through OpenSSH. This issue is fixed in version 0.23.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| kopia | kopia | < 0.23.0 | affected |
Weaknesses
- CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://github.com/kopia/kopia/security/advisories/GHSA-2q4c-3mrw-63c3
- https://github.com/kopia/kopia/pull/5354
- https://github.com/kopia/kopia/commit/c26c6a1b9734c5089217986ffa5cd19f8a6b8900
- https://github.com/kopia/kopia/releases/tag/v0.23.0
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.