CVE-2026-23942 Path Traversal in OTP

CWE-22 Path Traversal, 6 documents, 6 sources
Severity
5.3 MEDIUM (NVD)
EPSS
0.0%
top 92.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 13

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling
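To make the defect class concrete, the following is an added illustration, not code from Erlang/OTP: a root check that tests only a string prefix (the shape of the lists:prefix/2 check described above) beside a component-aware check, with constructed sample paths and a hypothetical root directory. Paths are compared lexically after normalization; resolving symlinks is out of scope here.

```python
import posixpath

ROOT = "/srv/sftp/alice"  # constructed root directory for the demo

def is_within_root_prefix(root: str, path: str) -> bool:
    """Weak check: normalizes, then tests a plain string prefix.
    Accepts "/srv/sftp/alice-archive/..." for root "/srv/sftp/alice", because the
    root string is a prefix of the sibling name even though it is not a parent
    directory of it."""
    return posixpath.normpath(path).startswith(root)

def _components(p: str) -> list:
    # normpath collapses "." / ".." / doubled slashes lexically; drop empty parts
    return [c for c in posixpath.normpath(p).split("/") if c]

def is_within_root(root: str, path: str) -> bool:
    """Component-aware check: every directory component of root must equal the
    corresponding component of path, so "alice" never matches "alice-archive"."""
    r = _components(root)
    p = _components(path)
    return p[:len(r)] == r

def audit(root: str, candidates: list) -> list:
    """Defender-side helper: list paths the prefix check accepts but the
    component check rejects, i.e. the cases where the two checks disagree."""
    return [c for c in candidates
            if is_within_root_prefix(root, c) and not is_within_root(root, c)]

# Constructed sample paths: in-root files, the root itself, a sibling directory
# sharing the root's name as a prefix, and a dot-dot path that normalizes away.
SAMPLE_PATHS = [
    "/srv/sftp/alice/docs/a.txt",
    "/srv/sftp/alice",
    "/srv/sftp/alice-archive/x",
    "/srv/sftp/alice/../bob/x",
    "/srv/sftp/bob/x",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:32} prefix={is_within_root_prefix(ROOT, p)!s:5} "
              f"components={is_within_root(ROOT, p)}")
    print("accepted only by prefix check:", audit(ROOT, SAMPLE_PATHS))
```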

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages (1 package)

CVEListV5: erlang/otp 3.0.1* (+2)

Vulnerability Details (2)

OSV: CVE-2026-23942: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal (2026-03-13)
CVEList: SFTP root escape via component-agnostic prefix check in ssh_sftpd (2026-03-13)

Vendor Advisories (2)

Microsoft: SFTP root escape via component-agnostic prefix check in ssh_sftpd (2026-03-10)
Debian: CVE-2026-23942: erlang - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v... (2026)

Threat Intelligence (1)

Wiz: CVE-2026-23942 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23942 — Path Traversal in Erlang OTP | cvebase