PT-2026-56578 · Ronf · Asyncssh

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-54591

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ traversal sequences because parse cd args in scp.py returns server-provided names verbatim and recv files joins them to the destination path without enforcing the target directory boundary. This issue is fixed in version 2.23.1.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-54591

Affected Products

Asyncssh