EEF-CVE-2026-48855 SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
Summary Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh ssh\sftpd module allows File Discovery. The SSH\FXP\READLINK handler in ssh\sftpd sends the raw result of file:read\link/2 to the client without calling chroot\filename/2 to strip the backend root...