Vulnerability in Erlang OTP

CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH_FXP_REALPATH handler i…

Affected products

  • Erlang OTP — versions 3.0.1, 17.0, 84adefa331c4159d432d22840663c38f155cd4c1
