CVE-2024-3094Critical· 10.0▾ MidnightA backdoor was intentionally introduced into the xz-utils upstream release tarballs (5.6.0 / 5.6.1). When linked into sshd via liblzma, it allows a remote attacker holding a specific key to bypass authentication and execute commands.
▾ Midnight zone — Critical, or high with PoC / in-the-wild
impact 55 · likelihood 17.2 · exploitation 0
The latest CVEs are free to read. CVE-2024-3094 is outside the free window — sign in (free) to view the full technical detail, affected versions, references, and raw markdown.