CVE-2026-54886
- EPSS 0.33%
- Veröffentlicht 02.07.2026 16:06:20
- Zuletzt bearbeitet 07.07.2026 14:53:35
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handle_data/4 function in ssh_sftpd contains a catch-...
CVE-2026-53422
- EPSS 0.26%
- Veröffentlicht 02.07.2026 16:06:03
- Zuletzt bearbeitet 07.07.2026 14:56:32
Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH handler in ssh_sftpd...
CVE-2026-48855
- EPSS 0.28%
- Veröffentlicht 10.06.2026 14:35:49
- Zuletzt bearbeitet 15.06.2026 18:23:33
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of file:read_link/2 to the client without calling chr...
CVE-2026-48859
- EPSS 0.35%
- Veröffentlicht 10.06.2026 14:35:43
- Zuletzt bearbeitet 15.06.2026 18:23:51
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_pass...
CVE-2026-32147
- EPSS 0.35%
- Veröffentlicht 21.04.2026 12:01:20
- Zuletzt bearbeitet 21.05.2026 17:37:07
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (s...
CVE-2026-23943
- EPSS 0.64%
- Veröffentlicht 13.03.2026 09:11:57
- Zuletzt bearbeitet 21.05.2026 15:22:36
Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflate...
CVE-2026-23942
- EPSS 0.36%
- Veröffentlicht 13.03.2026 09:11:56
- Zuletzt bearbeitet 21.05.2026 15:22:38
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines s...