#VU125774 Path traversal in otp - CVE-2026-23942


Published: April 10, 2026


Vulnerability identifier: #VU125774
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23942
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: otp
Software vendor: erlang

Description

The vulnerability allows a remote user to access files outside the configured root directory.

The vulnerability exists because ssh_sftpd validates file paths against the root option using string prefix matching. A remote user can request paths in sibling directories whose names share a common prefix with the root directory and thereby access files outside the configured root directory.

The issue applies only when the root option is configured under the assumption that it provides complete directory isolation.
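The following Python model is an added illustration of the class of check the advisory describes and is not code from Erlang/OTP; the root value `/srv/sftp`, the request paths and the helper names are assumptions constructed for the example. It places a string-prefix test beside a component-aware test and returns the requests that only the prefix test would admit, which is the set a defender would want to find in SFTP access logs.

```python
import posixpath

# Constructed example root; not a value taken from the advisory.
ROOT = "/srv/sftp"


def resolve(root: str, requested: str) -> str:
    """Lexically map a client-supplied SFTP path onto the server filesystem.

    Absolute client paths are taken relative to root and '..' segments are
    collapsed. Symlinks are not resolved here; a real server must also apply
    realpath-style resolution before any containment check.
    """
    rel = requested.lstrip("/")
    return posixpath.normpath(posixpath.join(root, rel))


def weak_is_under_root(root: str, resolved: str) -> bool:
    # Plain string-prefix test: /srv/sftp-archive passes for root /srv/sftp.
    return resolved.startswith(root)


def strict_is_under_root(root: str, resolved: str) -> bool:
    # Component-aware test: the path must be the root itself or lie below
    # root + '/', so a sibling directory sharing a name prefix is rejected.
    root = posixpath.normpath(root)
    return resolved == root or resolved.startswith(root.rstrip("/") + "/")


def flag_prefix_escapes(root: str, requested_paths: list[str]) -> list[tuple[str, str]]:
    """Return (request, resolved) pairs that a prefix-only check would admit
    but a component-aware check rejects: exactly the escapes described above.
    Useful for auditing recorded SFTP request paths after the fact."""
    out = []
    for req in requested_paths:
        resolved = resolve(root, req)
        if weak_is_under_root(root, resolved) and not strict_is_under_root(root, resolved):
            out.append((req, resolved))
    return out


if __name__ == "__main__":
    # Constructed sample requests, as they might appear in an SFTP access log.
    sample = ["docs/readme.txt", "../sftp-archive/report.pdf", "../../etc/hosts"]
    for req, resolved in flag_prefix_escapes(ROOT, sample):
        print(f"prefix-only check would admit {req!r} -> {resolved}")
```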


Remediation

Install security update from vendor's website.

External links