CVE-2026-53422
CVE-2026-53422 describes an Observable Response Discrepancy in Erlang OTP ssh_sftpd where the REALPATH path handling bypasses root validation, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The root cause is that SSH_FXP_REALPATH u...
SUSE CVE-2025-15661
libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink function in src/sftp.c that allows a malicious SSH server or man-in-the-middle attacker to disclose heap memory contents or cause a crash by sending a crafted SSH_FXP_NAME response...