Vulnerability in Erlang Otp
CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH handler i…
Affected products
- Erlang Otp — versions 3.0.1, 17.0, 84adefa331c4159d432d22840663c38f155cd4c1
Weakness classification (CWE)
References
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (x_version-scheme)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)
- 6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)