QSearchQSearch

CVE-2021-3331

9.8 CRITICAL

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads sess...

Published: 2021-01-27 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

VendorProduct
winscpwinscp

Description

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2019-6109 An issue was discovered in OpenSSH 7.9 (6.8 MEDIUM)