
6 matches found

Positive Technologies
added 2026/06/10 12:0 a.m. | 11 views

PT-2026-48463

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 29.0.1; Erlang OTP versions prior to 28.5.0.2; Erlang OTP versions prior to 27.3.4.13. Description: An issue in the ssh sftpd module allows for file discovery through the exposure of sensitive information. The SSH...

CVSS 6.5 | AI score 5.8 | EPSS 0.00277
Exploits: 0 | References: 11
RedhatCVE
added 2026/06/05 7:14 p.m. | 7 views

CVE-2026-40876

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVSS 8.8 | AI score 5.5 | EPSS 0.00439
Exploits: 1 | References: 1
Cvelist
added 2026/04/21 7:34 p.m. | 34 views

CVE-2026-40876 SFTP root escape via prefix-based path validation in goshs

goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can...

CVSS 8.7 | EPSS 0.00439
Exploits: 1 | References: 1
CVE
added 2026/04/21 7:34 p.m. | 11 views

CVE-2026-40876

CVE-2026-40876 (goshs) describes an SFTP jail-escape due to a prefix-based path validation bug in the sftpserver.helper.go sanitizePath implementation. The code uses a raw string-prefix check to validate the target path against the configured root, which allows a sibling path (e.g., /tmp/goshsroo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00439
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-33229

Name of the Vulnerable Software and Affected Versions: goshs versions prior to 2.0.0-beta.6. Description: goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, breaking the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00439
Exploits: 1 | References: 6
Cvelist
added 2026/03/13 9:11 a.m. | 24 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh_sftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:iswithinroot/2. The SFTP server uses string...

CVSS 5.3 | EPSS 0.00363
Exploits: 0 | References: 7