PT-2026-45380 · Apache · Apache Mina Sshd

J0Hndo · Published 2026-06-01 · Updated 2026-06-02 · CVE-2026-48827

CVSS v3.1: 7.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache MINA SSHD versions prior to 2.18.0
Apache MINA SSHD versions 3.0.0-M1 through 3.0.0-M3

Description

A path traversal issue exists in the org.apache.sshd:sshd-git bundle. Due to a lack of path validation in git-upload-pack, git-receive-pack, and other git operations, users authenticated over SSH can access git repositories located outside the configured git server root directory. Path traversal is a security flaw that allows an attacker to read or write files on the server outside of the intended folder by using special characters like dot-dot-slash (../).

Recommendations

Upgrade to version 2.18.0.
Upgrade to version 3.0.0-M4.
Implement additional security controls to govern access to git repositories and operations rather than relying solely on file system layout and permissions.
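
A containment check of the kind the description says was missing, shown as an added example that is not Apache MINA SSHD's code or its actual fix. The class name GitRootCheck, the resolveRepo helper and the sample commands are hypothetical; only java.nio.file is used.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class GitRootCheck {
    // Resolves the repository argument of a git command against the server root
    // and rejects anything that lands outside it (hypothetical helper).
    static Path resolveRepo(Path root, String command) throws IOException {
        int sp = command.indexOf(' ');
        if (sp < 0) throw new IllegalArgumentException("missing repository argument");
        String arg = command.substring(sp + 1).trim();
        if (arg.length() >= 2 && arg.startsWith("'") && arg.endsWith("'")) {
            arg = arg.substring(1, arg.length() - 1);   // strip shell-style quotes
        }
        // Treat the argument as relative to the root even if it starts with '/'.
        while (arg.startsWith("/")) arg = arg.substring(1);
        if (arg.isEmpty() || arg.indexOf('\0') >= 0) throw new IllegalArgumentException("bad repository path");

        Path realRoot = root.toRealPath();
        Path candidate = realRoot.resolve(arg).normalize();   // collapses ../ segments
        if (!candidate.startsWith(realRoot) || candidate.equals(realRoot)) {
            throw new SecurityException("repository outside git root: " + arg);
        }
        // A symlink inside the root can still point outside it; re-check the real path.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(realRoot)) {
            throw new SecurityException("repository resolves outside git root: " + arg);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("gitroot");     // constructed sample root
        Files.createDirectories(root.resolve("project.git"));
        String[] samples = {                                   // constructed sample commands
            "git-upload-pack '/project.git'",
            "git-upload-pack '/../other/repo.git'",
            "git-receive-pack '/project.git/../../etc'"
        };
        for (String s : samples) {
            try {
                System.out.println("ALLOW " + s + " -> " + resolveRepo(root, s));
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("DENY  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling directory whose name merely begins with the root's name does not pass the check.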

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2026-48827
OPENSUSE-SU-2026:10919-1

Affected Products

Apache Mina Sshd