
3490 matches found

Vulnrichment
added 2026/04/21 12:1 p.m. | 2 views

CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh ssh_sftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon ssh_sftpd stores the raw, user-supplied path in file...

CVSS 5.3 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5
OSV
added 2026/04/21 12:1 p.m. | 4 views

EEF-CVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

Summary: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh ssh_sftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon ssh_sftpd stores the raw, user-supplied path i...

CVSS 5.3 | AI score 5.5 | EPSS 0.00354
Exploits: 0 | References: 4
CVE
added 2026/04/21 12:1 p.m. | 39 views

CVE-2026-32147

Technical details about affected products/versions and remediation are not provided in the supplied documents; monitor for updates.

CVSS 5.3 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2026/04/21 9:5 a.m. | 2 views

SUSE-SU-2026:21250-1 Security update for openvswitch

This update for openvswitch fixes the following issue: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273...

CVSS 5.9 | AI score 5.3 | EPSS 0.00405
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/21 12:0 a.m. | 3 views

PT-2026-33974

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVSS 5.8 | AI score 5.8 | EPSS 0.00127
Exploits: 0 | References: 2
CNNVD
added 2026/04/21 12:0 a.m. | 6 views

goshs path traversal vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00439
Exploits: 1 | References: 1
CNNVD
added 2026/04/21 12:0 a.m. | 6 views

goshs access control error vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

CVSS 9.8 | AI score 5.8 | EPSS 0.00478
Exploits: 1 | References: 1
CNNVD
added 2026/04/21 12:0 a.m. | 4 views

Fortra GoAnywhere MFT security vulnerability

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...

CVSS 7.3 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1
CNNVD
added 2026/04/21 12:0 a.m. | 7 views

Fortra GoAnywhere MFT security vulnerability

Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability was due to improper session timeout settings, which could cause Web users with SAML configurations t...

CVSS 4.3 | AI score 5.8 | EPSS 0.0018
Exploits: 0 | References: 1
OSV
added 2026/04/20 10:10 a.m. | 0 views

SUSE-SU-2026:1482-1 Security update for openvswitch

This update for openvswitch fixes the following issues: - CVE-2026-34956: invalid memory access via crafted FTP payloads in userspace conntrack flows specifying the FTP alg handler bsc1261273...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 3
SUSE Linux
added 2026/04/17 1:43 p.m. | 4 views

Security update for openvswitch

This update for openvswitch fixes the following issue: Security updates: CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: Update openvswitch to 3.5.4 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.7 | EPSS 0.00405
Exploits: 0 | References: 4
OSV
added 2026/04/17 1:43 p.m. | 2 views

SUSE-SU-2026:1439-1 Security update for openvswitch

This update for openvswitch fixes the following issue: Security updates: - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Other updates: - Update openvswitch to 3.5.4...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 3
OSV
added 2026/04/17 1:2 p.m. | 7 views

OESA-2026-1962 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2
OSV
added 2026/04/17 1:2 p.m. | 8 views

OESA-2026-1960 openvswitch security update

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fixes: Description: Multiple versions of Open vSwitch are vulnerable to crafted FTP payloads causing invalid memory accesses, potential...

CVSS 5.9 | AI score 5.8 | EPSS 0.00405
Exploits: 0 | References: 2
GithubExploit
added 2026/04/17 10:38 a.m. | 126 views

runtime-exploit-guard

Container Exec - Python Script Reads attack-vuln-image-mappi...

CVSS 10 | AI score 7.5 | EPSS 0.96184
Exploits: 36
OSV
added 2026/04/16 6:9 p.m. | 4 views

CLSA-2026-1776362968 Fix CVE(s): CVE-2026-0968

SECURITY UPDATE: heap read past bounds in sftpparselongname from malicious SFTP longname field - debian/patches/CVE-2026-0968.patch: validate longname pointer and longnamefield; bound string walks at NUL; fail if field not found - CVE-2026-0968...

CVSS 3.1 | AI score 5.8 | EPSS 0.00442
Exploits: 0 | References: 1
OSV
added 2026/04/14 10:28 p.m. | 3 views

GHSA-C29W-QQ4M-2GCV goshs has an empty-username SFTP password authentication bypass

Summary: goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network...

CVSS 9.8 | AI score 5.8 | EPSS 0.00478
Exploits: 1 | References: 3
SUSE Linux
added 2026/04/14 10:42 a.m. | 5 views

Security update for libssh

This update for libssh fixes the following issues: CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternative...

CVSS 6.9 | AI score 6.4 | EPSS 0.00631
Exploits: 0 | References: 4
OSV
added 2026/04/14 10:42 a.m. | 1 views

SUSE-SU-2026:1310-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler bsc1259377...

CVSS 7.5 | AI score 6.1 | EPSS 0.00631
Exploits: 0 | References: 3
SUSE CVE
added 2026/04/13 11:25 p.m. | 3 views

SUSE CVE-2026-40188

goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the root directory of the SFTP. This vulnerability is fixed in 2.0.0-beta.4...

CVSS 7.7 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 3