RockyLinux 10 : libssh (RLSA-2026:18160)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18160 advisory. libssh: Buffer underflow in sshgethexa on invalid input CVE-2026-0966 libssh: Improper sanitation of paths received from SCP servers CVE-2026-0964...

libssh security update

An update is available for libssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

RLSA-2026:18683 Moderate: libssh security update

libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Double Free Vulnerability in libssh Key Export Functions CVE-2025-5351 libssh: Use of uninitialized variable in privatekeyfromfile CVE-2025-4878 libssh: Write...

CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

CVE-2026-49238 SFTP Server VM Escape in Canonical Multipass

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

CVE-2026-49238

CVE-2026-49238 affects Canonical Multipass

CVE-2026-49238

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfsserver, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validatepath function in src/sshfsmount/sftpserver.cpp. The function...

Canonical Multipass 安全漏洞

Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from the validatepath function in the sshfsserver component, which had a path bypass issue. It...

PT-2026-44376

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component sshfs server, which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate path function in src/sshfs mount/sftp server.cpp. The...

GHSA-G3VG-VX23-3858 compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

PT-2026-44160

Summary The compliance-trestle library's remote fetching cache mechanism HTTPSFetcher and SFTPFetcher constructs the local cache file path from the URL path component without sanitizing path traversal sequences ../. When a remote OSCAL profile references a URL with traversal in its path, the HTTP...

CLSA-2026-1779371406 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix shell injection in netrw via the tempfile suffix when reading sftp:// or file:// URLs by escaping the tempfile and restricting the suffix regex to word characters...

vim: Fix of CVE-2026-42307

CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp:// URLs by hardening the tempfile suffix regex and escaping the tempfile argument before passing it to the sftp command...

CLSA-2026-1779279626 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp:// URLs by hardening the tempfile suffix regex and escaping the tempfile argument before passing it to the sftp command...

Kopia: RCE via SSH ProxyCommand Injection

Summary Kopia's HTTP server, when started with --without-password , accepts unauthenticated requests to /api/v1/repo/exists. The handler forwards an attacker-supplied storage configuration to blob.NewStorage. For SFTP backends with externalSSH: true, that path constructs a process command line by...

CLSA-2026-1779212372 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix OS command injection in netrw plugin via crafted sftp:// URLs by hardening the tempfile suffix regex and escaping the tempfile argument before passing it to the sftp command...

Advisory ROSA-SA-2026-3275

software: libssh 0.9.8 OS: ROSA-CHROME unaffected versions = libssh-0.9.8-4 affected versions libssh-0.9.8-4 CVE-ID: CVE-2026-3731 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A read outside allocated buffer vulnerability in the SFTP Extension Name Handler component of the libssh library allows a...

Security update for erlang26

This update for erlang26 fixes the following issues Security issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

libssh: libssh: Denial of Service due to malformed SFTP message

A flaw was found in libssh in which a malicious SFTP SSH File Transfer Protocol server can exploit this by sending a malformed 'longname' field within an SSHFXPNAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can...