SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

...

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

CVE-2026-32147

Technical details about affected products/versions and remediation are not provided in the supplied documents; monitor for updates.

EEF-CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in...

EUVD-2026-16466

Incus vulnerable to arbitrary file read and write through pongo templates...

Incus vulnerable to arbitrary file read and write through pongo templates

Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementatio...

GHSA-83XR-5XXR-MH92 Incus vulnerable to arbitrary file read and write through pongo templates

Summary Instance template files can be used to cause arbitrary read or writes as root on the host server. Details Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementatio...

CVE-2026-33897

A flaw was found in Incus, a system container and virtual machine manager. An attacker with control over instance template files can exploit a vulnerability in the pongo2 templating engine. This flaw allows for arbitrary read or write operations as the root user on the host server by bypassing th...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

UBUNTU-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVE-2026-33897

Incus prior to 6.23.0 is vulnerable to arbitrary file read/write as root on the host via instance template files using pongo2 templates. The pongo2 chroot isolation feature was intended to constrain access to the instance filesystem, but the chroot mechanism is skipped by this implementation, all...

Incus 安全漏洞

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained security vulnerabilities. These vulnerabilities stemmed from the pongo2 template in instance template files, which bypassed the chroot isolation mechanism, potentially allowing...

PT-2026-28560

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, allows instance template files to be used to perform arbitrary read and write operations as root on the host server. The software utilizes pongo2...

EUVD-2008-3861

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-6299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. CVE-2016-6299...