diff --git a/libssh-0.10.5-CVE-2026-0964.patch b/libssh-0.10.5-CVE-2026-0964.patch
new file mode 100644
index 0000000000000000000000000000000000000000..36acb71c83aac2a4e71ceb4a3c47ccfadf51bb92
--- /dev/null
+++ b/libssh-0.10.5-CVE-2026-0964.patch
@@ -0,0 +1,41 @@
+From a5e4b12090b0c939d85af4f29280e40c5b6600aa Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Mon, 22 Dec 2025 19:16:44 +0100
+Subject: [PATCH] CVE-2026-0964 scp: Reject invalid paths received through scp
+
+Signed-off-by: Jakub Jelen
+Reviewed-by: Andreas Schneider
+(cherry picked from commit daa80818f89347b4d80b0c5b80659f9a9e55e8cc)
+
+
+---
+ src/scp.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/scp.c b/src/scp.c
+index 103822c..c23b7b1 100644
+--- a/src/scp.c
++++ b/src/scp.c
+@@ -848,6 +848,22 @@ int ssh_scp_pull_request(ssh_scp scp)
+ size = strtoull(tmp, NULL, 10);
+ p++;
+ name = strdup(p);
++ /* Catch invalid name:
++ * - empty ones
++ * - containing any forward slash -- directory traversal handled
++ * differently
++ * - special names "." and ".." referring to the current and parent
++ * directories -- they are not expected either
++ */
++ if (name == NULL || name[0] == '\0' || strchr(name, '/') ||
++ strcmp(name, ".") == 0 || strcmp(name, "..") == 0) {
++ ssh_set_error(scp->session,
++ SSH_FATAL,
++ "Received invalid filename: %s",
++ name == NULL ? "" : name);
++ SAFE_FREE(name);
++ goto error;
++ }
+ SAFE_FREE(scp->request_name);
+ scp->request_name = name;
+ if (buffer[0] == 'C') {
diff --git a/libssh.spec b/libssh.spec
index 39add84df8618f3c5f14e9efa967a607a99ffb99..47cb227f2cfcf3e2ff7e88ab2566d952ed1a06ce 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -3,7 +3,7 @@
 Summary: A library implementing the SSH protocol
 Name: libssh
 Version: 0.10.5
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: LGPLv2+
 URL: http://www.libssh.org
 Source0: https://www.libssh.org/files/%major_version/%{name}-%{version}.tar.xz
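Review bot: In the embedded src/scp.c hunk, a strdup() failure (`name == NULL`) is reported with the same "Received invalid filename" SSH_FATAL message as a malformed request, so an out-of-memory condition is indistinguishable from a hostile peer when the error is triaged; splitting it out keeps the diagnostic honest, e.g. `if (name == NULL) { ssh_set_error_oom(scp->session); goto error; }` (using libssh's existing OOM helper, if present in this tree) before the validity check, which then no longer needs the NULL clause or the `name == NULL ? "" : name` ternary. The rejected name is also formatted verbatim into the session error string although it originates from the remote side; a short comment such as `/* name is remote-supplied; callers displaying ssh_get_error() should not assume it is printable */` would warn consumers that the text may contain control bytes. The enclosing ssh_scp_pull_request() starts and ends outside the hunk, so the cleanup done at the `error:` label cannot be checked here.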
@@ -11,6 +11,7 @@ Source0: https://www.libssh.org/files/%major_version/%{name}-%{version}.t
 Patch0001: CVE-2023-6004.patch
 Patch0002: CVE-2023-6918.patch
 Patch0003: CVE-2023-48795.patch
+Patch0004: libssh-0.10.5-CVE-2026-0964.patch
 
 BuildRequires: cmake, gcc-c++
 BuildRequires: openssl-devel, pam_wrapper, krb5-devel
@@ -79,6 +80,10 @@ popd
 %{_libdir}/libssh_threads.so
 %changelog
+* Wed Apr 15 2026 PkgAgent Robot - 0.10.5-7
+- [Type] security
+- [DESC] Fix CVE-2026-0964: scp: Reject invalid paths received through scp
+
 * Mon Sep 15 2025 Xin Cheng - 0.10.5-6
 - Update Source0