How serious is CVE-2026-23942?

This vulnerability has a CVSS score of 5.3 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-23942?

Yes, proof-of-concept exploit code for CVE-2026-23942 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-23942?

Check the official CVE details for a complete list of affected products and versions.

How do I fix CVE-2026-23942?

To remediate CVE-2026-23942, check for security patches from the vendor. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-23942

Medium

|5.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker with valid credentials to access files and directories outside their intended area on an SFTP server, potentially exposing sensitive data. It occurs because the server incorrectly checks if a requested path is within the allowed directory, allowing access to sibling directories that share similar names.

Technical Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$724($500-$1K)

Vendor Response

Grade APatched in 2 days

Quick Information

Published

Mar 13, 2026

25 days ago

Last Modified

Mar 16, 2026

22 days ago