CVE-2026-45695
CRITICAL
9.8
CVSS 3.1
Description
Kopia is a cross-platform backup tool for Windows, macOS, and Linux with fast incremental backups, client-side end-to-end encryption, compression, and data deduplication. Prior to 0.23.0, Kopia's HTTP server started with --without-password accepts unauthenticated requests to /api/v1/repo/exists and forwards attacker-supplied SFTP storage configuration to blob.NewStorage, where externalSSH: true and sshArguments containing -oProxyCommand=<cmd> can cause exec.CommandContext("ssh") to invoke the command through OpenSSH. This issue is fixed in version 0.23.0.
Metadata
Severity & Metrics
9.8
CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| kopia | kopia | — | < 0.23.0 |
Weakness (CWE)
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.8 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (4)
- https://github.com/kopia/kopia/security/advisories/GHSA-2q4c-3mrw-63c3 https://github.com/kopia/kopia/security/advisories/GHSA-2q4c-3mrw-63c3
- https://github.com/kopia/kopia/pull/5354 https://github.com/kopia/kopia/pull/5354
- https://github.com/kopia/kopia/commit/c26c6a1b9734c5089217986ffa5cd19f8a6b8900 https://github.com/kopia/kopia/commit/c26c6a1b9734c5089217986ffa5cd19f8a6b8900
- https://github.com/kopia/kopia/releases/tag/v0.23.0 https://github.com/kopia/kopia/releases/tag/v0.23.0