CVE-2026-23942 — MEDIUM (5.4)

Q: How severe is CVE-2026-23942?

CVE-2026-23942 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-23942?

Check the references section above for vendor advisories and patch information. Affected products include: Erlang Erlang\/Otp, Erlang Erlang\/Ssh.

Vulnerability Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Erlang	Erlang\/Otp	>= 17.0, < 26.2.5.18
Erlang	Erlang\/Ssh	>= 3.0.1, < 5.1.4.14

Related Weaknesses (CWE)

CWE-22

References

https://cna.erlef.org/cves/CVE-2026-23942.htmlVendor Advisory
https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590bPatch
https://github.com/erlang/otp/commit/5ed603a1211b83b8be2d1fc06d3f3bf30c3c9759Patch
https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28Patch
https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9hMitigationVendor Advisory
https://osv.dev/vulnerability/EEF-CVE-2026-23942Vendor Advisory
https://www.erlang.org/doc/system/versions.html#order-of-versionsProduct

FAQ

What is CVE-2026-23942?

CVE-2026-23942 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program file...

How severe is CVE-2026-23942?

CVE-2026-23942 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-23942?

Check the references section above for vendor advisories and patch information. Affected products include: Erlang Erlang\/Otp, Erlang Erlang\/Ssh.