5 matches found
EUVD-2026-11778
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
CVE-2026-23942
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
EEF-CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd
Summary Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses...
CVE-2025-48041
CVE-2025-48041 is an Erlang/OTP issue in the SSH sftp path (ssh_sftpd.erl) causing Allocation of Resources Without Limits or Throttling. Affected are OTP forms up to 28.0.3 (and related SSH from 3.0.1 to 5.3.3, 5.2.11.3, 5.1.4.12). The vulnerability enables excessive resource allocation and relat...
CVE-2025-48040
CVE-2025-48040 describes an uncontrolled resource consumption in Erlang OTP ssh (ssh_sftp) due to excessive data handling. Affected ranges include OTP 17.0–28.0.3, OTP 27.3.4.3 and 26.2.5.15 (ssh from 3.0.1–5.3.3, 5.2.11.3, 5.1.4.12). Exploitation details are not provided in the available documen...