PT-2026-25164 · Erlang · Erlang/Otp

Jakub Witczak · Published 2026-03-13 · Updated 2026-05-21 · CVE-2026-23942

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Erlang OTP versions 17.0 through 28.4.1
Erlang OTP versions 26.2.5.18 through 27.3.4.9

Description
An improper limitation of a pathname to a restricted directory ('Path Traversal') exists in the Erlang OTP ssh_sftpd module. When verifying whether a requested path lies within the configured root directory, the SFTP server uses string prefix matching with the lists:prefix/2 function instead of validating the path component by component. As a result, authenticated users can access sibling directories whose names share a common string prefix with the configured root directory. For example, if the root directory is set to /home/user1, paths such as /home/user10 or /home/user1_backup are incorrectly treated as being within the root. The issue is located in the program file lib/ssh/src/ssh_sftpd.erl, in the ssh_sftpd:is_within_root/2 function.

Recommendations
Update Erlang OTP to a version later than 28.4.1.
Update Erlang OTP to a version later than 27.3.4.9.
Update Erlang OTP to a version later than 26.2.5.18.
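The following Erlang module is an added illustration written for this record; it is not Erlang/OTP code, and the module and function names (sftp_root_check, is_within_root_weak/2, is_within_root/2, normalize/1, demo/0) are assumptions. It places a string-prefix check of the kind the description refers to beside a component-wise check. The hardened version also collapses "." and ".." segments before comparing, which goes beyond the two sibling-directory cases the description gives.

```erlang
-module(sftp_root_check).
-export([is_within_root_weak/2, is_within_root/2, demo/0]).

%% Added example, not Erlang/OTP code. All names are assumptions.
%% Paths are plain Erlang strings (character lists), as lists:prefix/2 expects.

%% Weak check: compares the raw strings, so any path whose text merely
%% starts with the root string is accepted ("/home/user1" vs "/home/user10").
is_within_root_weak(Root, Path) ->
    lists:prefix(Root, Path).

%% Hardened check: split both paths into components, normalise "." and "..",
%% and require the root's component list to be a prefix of the path's
%% component list. "/home/user10" splits to [.., "user10"], which is not
%% equal to the "user1" component, so it is rejected.
is_within_root(Root, Path) ->
    RootParts = normalize(filename:split(Root)),
    PathParts = normalize(filename:split(Path)),
    lists:prefix(RootParts, PathParts).

%% Collapse "." and ".." components. A ".." directly above the
%% filesystem root ("/") is dropped rather than allowed to escape.
normalize(Parts) ->
    lists:reverse(lists:foldl(fun norm/2, [], Parts)).

norm(".", Acc)          -> Acc;
norm("..", ["/"] = Acc) -> Acc;     % cannot go above "/"
norm("..", [_ | Rest])  -> Rest;    % pop the previous component
norm("..", [])          -> [];
norm(Part, Acc)         -> [Part | Acc].

%% Constructed sample inputs showing where the two checks disagree.
%% Each tuple is {Path, WeakResult, HardenedResult}.
demo() ->
    Root = "/home/user1",
    Cases = ["/home/user1/file.txt",      % inside root:    true,  true
             "/home/user10/secret",       % sibling prefix: true,  false
             "/home/user1_backup/x",      % sibling prefix: true,  false
             "/home/user1/../user2/y"],   % dot-dot escape: true,  false
    [{P, is_within_root_weak(Root, P), is_within_root(Root, P)} || P <- Cases].
```

Compile with erlc and call sftp_root_check:demo() in an Erlang shell; the weak check returns true for all four constructed paths, while the component-wise check accepts only the path that really sits under /home/user1. Because lists:prefix/2 is applied to lists of components rather than to the raw strings, a partial match on a single component name can no longer count as a match.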

Fix

Weakness Enumeration

Path traversal

Related Identifiers

BDU:2026-07215
CVE-2026-23942
GHSA-4749-W85X-HW9H
OESA-2026-1665
OESA-2026-1666
OESA-2026-1667
OESA-2026-1668
OPENSUSE-SU-2026:20607-1
SUSE-SU-2026:1714-1
SUSE-SU-2026:2010-1
SUSE-SU-2026:21374-1

Affected Products

Erlang/Otp
Red Os