Path traversal in otp - CVE-2026-23942

Published: April 10, 2026


Vulnerability identifier: #VU125774
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23942
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: erlang
Affected software:
otp

Detailed vulnerability description

The vulnerability allows a remote user to access files outside the configured root directory.

The vulnerability exists because ssh_sftpd validates requested file paths against the configured root option using string prefix matching rather than a check on path-component boundaries. A path that merely begins with the same characters as the root therefore passes the check: with a root of /srv/data, for example, a resolved path under the sibling directory /srv/data-backup is accepted because the string "/srv/data-backup/..." starts with "/srv/data". A remote user can request paths in such sibling directories, whose names share a common prefix with the root, and so access files outside the configured root directory.

The issue applies only when the root option is configured and is relied upon to provide complete directory isolation.
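The following Python is an added illustration of the flaw class the advisory describes; it is not OTP's code and does not reproduce the ssh_sftpd implementation. It places the prefix-style containment check beside a boundary-aware one and runs both over a constructed root and a few constructed client paths, so the sibling-directory case that slips past the prefix check can be seen directly.

```python
import posixpath

# Constructed example root; the real value is whatever the deployment
# passes as the ssh_sftpd root option.
EXAMPLE_ROOT = "/srv/sftp/data"


def resolve(root: str, client_path: str) -> tuple[str, str]:
    """Map a client-supplied SFTP path onto the server filesystem under root.

    Client paths are treated as relative to the SFTP root, so a leading '/'
    is stripped before joining. Normalisation collapses '.' and '..' so the
    containment checks below see the path the server would actually open.
    """
    root = posixpath.normpath(root)
    joined = posixpath.join(root, client_path.lstrip("/"))
    return root, posixpath.normpath(joined)


def prefix_check(root: str, client_path: str) -> bool:
    """Flawed check: string prefix match, the pattern the advisory describes.

    It correctly rejects plain '../../../etc/passwd' (the resolved path no
    longer starts with root) but accepts any sibling directory whose name
    begins with the root's name, e.g. /srv/sftp/data-backup.
    """
    root, candidate = resolve(root, client_path)
    return candidate.startswith(root)


def boundary_check(root: str, client_path: str) -> bool:
    """Hardened check: containment on whole path components.

    commonpath() compares component by component, so /srv/sftp/data-backup
    shares only /srv/sftp with /srv/sftp/data and is rejected. Equality with
    root itself (listing the top of the tree) is still allowed. This also
    handles a root of '/' without the '//' artefact a naive root + '/' test
    would produce.
    """
    root, candidate = resolve(root, client_path)
    try:
        return posixpath.commonpath([root, candidate]) == root
    except ValueError:
        # Raised if the two paths mix absolute and relative forms; treat as outside.
        return False


def compare(root: str, client_paths: list[str]) -> list[tuple[str, bool, bool]]:
    """Run both checks over a list of client paths for side-by-side review."""
    return [(p, prefix_check(root, p), boundary_check(root, p)) for p in client_paths]


if __name__ == "__main__":
    # Constructed client requests: a normal file, the sibling-directory case
    # from the advisory, a classic traversal, and the root itself.
    requests = [
        "docs/readme.txt",
        "../data-backup/secret.txt",
        "../../../etc/passwd",
        "/",
    ]
    print(f"root = {EXAMPLE_ROOT}")
    for path, prefix_ok, boundary_ok in compare(EXAMPLE_ROOT, requests):
        print(f"{path!r:32} prefix_check={prefix_ok!s:5} boundary_check={boundary_ok}")
```

Both checks are purely lexical. A boundary-aware check of this kind stops the sibling-prefix case, but it does not by itself defend against symlinks inside the root that point elsewhere; a server that also needs that guarantee has to resolve the candidate with realpath (or open relative to a root directory descriptor) before comparing.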


How to mitigate CVE-2026-23942

Install the security update from the vendor's website. Until it is applied, do not rely on the root option alone for directory isolation where sibling directories with a shared name prefix exist on the same filesystem.
