PT-2026-56578 · Ronf · Asyncssh
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-54591
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ traversal sequences because parse cd args in scp.py returns server-provided names verbatim and recv files joins them to the destination path without enforcing the target directory boundary. This issue is fixed in version 2.23.1.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asyncssh