Observable Response Discrepancy in otp - CVE-2026-53422
Published: July 2, 2026
otp
Detailed vulnerability description
The vulnerability allows a remote user to disclose sensitive information about filesystem path existence.
The vulnerability exists due to an observable response discrepancy in the ssh_sftpd SSH_FXP_REALPATH handler when it processes a crafted traversal path in a REALPATH request. A remote user can send a specially crafted REALPATH request to disclose sensitive information about filesystem path existence.
The issue affects deployments that rely on the configured root option for filesystem path isolation, and it does not by itself provide file contents disclosure or write access.
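The following added example models the defensive design for this bug class in Python; it is not code from Erlang/OTP and not the project's fix. The function names (`virtual_realpath`, `to_host_path`, `responses_match`) and the directory layout are hypothetical. The REALPATH argument is canonicalised purely lexically inside the virtual root, so the reply depends only on the request string and never on what exists on the host.

```python
import os
import posixpath
import tempfile

def virtual_realpath(client_path, cwd="/"):
    """Canonicalise a REALPATH argument lexically; "/" is the configured root."""
    if "\x00" in client_path:
        raise ValueError("NUL byte in path")
    # Relative paths are interpreted against the session's virtual cwd.
    joined = posixpath.join(cwd, client_path)
    parts = []
    for seg in joined.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if parts:
                parts.pop()  # step up, but never above the virtual root
            continue
        parts.append(seg)
    # No stat(), no symlink resolution: the host filesystem is never consulted.
    return "/" + "/".join(parts)

def to_host_path(root, virtual_path):
    """Map a canonical virtual path to the host; refuse anything outside root."""
    root = os.path.realpath(root)
    host = os.path.realpath(os.path.join(root, virtual_path.lstrip("/")))
    if host != root and not host.startswith(root + os.sep):
        raise PermissionError("path escapes configured root")
    return host

def responses_match():
    """Constructed check: the reply is identical whether or not a path
    outside the root exists on the host."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "jail")
        os.mkdir(root)
        request = "../outside"  # constructed REALPATH argument
        v = virtual_realpath(request)
        before = (v, to_host_path(root, v))
        os.mkdir(os.path.join(base, "outside"))  # sibling of root now exists
        v = virtual_realpath(request)
        after = (v, to_host_path(root, v))
        return before == after

if __name__ == "__main__":
    print(virtual_realpath("../../etc/passwd"), responses_match())
```

A check like `responses_match` works as a regression test for any server-side path handler that is expected to enforce a root: the reply must not change when the host filesystem outside the root changes.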