OESA-2026-2569 gvfs security update

🗓️ 05 Jun 2026 15:48:50Reported by GoogleType

osv🔗 osv.dev👁 2 Views

GVfs FTP backend patch for CVE-2026-28295 fixes PASV abuse that could force the client to connect to arbitrary IP and port.

Reporter	Title	Published	Views	Family All 56
ATTACKERKB	CVE-2026-28295	26 Feb 202615:33	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : gvfs, gvfs-archive, gvfs-client (ALAS2023-2026-1475)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : gvfs, --advisory ALAS2-2026-3197 (ALAS-2026-3197)	19 Mar 202600:00	–	nessus
Tenable Nessus	Debian dla-4513 : gvfs - security update	28 Mar 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : gnome-online-accounts, gvfs (openSUSE-SU-2026:20451-1)	4 Apr 202600:00	–	nessus
Tenable Nessus	Slackware Linux 15.0 / current gvfs Multiple Vulnerabilities (SSA:2026-059-01)	4 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES12 Security Update : gvfs (SUSE-SU-2026:0916-1)	19 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : gvfs (SUSE-SU-2026:0923-1)	19 Mar 202600:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gvfs (SUSE-SU-2026:0960-1)	24 Mar 202600:00	–	nessus
Tenable Nessus	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GVfs vulnerabilities (USN-8114-1)	25 Mar 202600:00	–	nessus

Source	Link
openeuler	www.openeuler.org/zh/security/security-bulletins/detail/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-28295

05 Jun 2026 16:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.14.3

EPSS0.00048

SSVC