Message-ID: <CAK3hNHZLtF=DE2mPn0S-VfhCW4C4-W5h+K9oB9=2Hzj94dhjHQ@mail.gmail.com>
Date: Fri, 29 May 2026 17:11:41 -0700
From: Abhinav Agarwal <abhinavagarwal1996@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-47187, CVE-2026-48711: sshfs <= 3.7.5 symlink escape (local file read/write) and ssh argument injection (local command execution)
Two vulnerabilities in sshfs (FUSE filesystem over SFTP) have been
assigned CVEs and fixed in sshfs 3.7.6.
Affected versions: sshfs <= 3.7.5
Fixed in: sshfs 3.7.6
https://github.com/libfuse/sshfs/releases/tag/sshfs-3.7.6
CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/write
Severity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CWE: CWE-59 (Improper Link Resolution Before File Access)
A rogue SFTP server can return symlink targets (absolute paths or
relative "../../../" escapes) that sshfs passes to the kernel
unchanged. The kernel resolves them on the client's local filesystem,
so an ordinary "cp" through the mountpoint can read local files back
to the server or write server-controlled bytes to local files.
transform_symlinks does not cover relative targets.
Fixed by a new contain_symlinks option (default on) that rejects
absolute targets and any target containing "..", returning EPERM.
Advisory:
https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
Credit: Abhinav Agarwal (reporter)
CVE-2026-48711: ssh argument injection via bracketed mount source
Severity: High (CVSS 7.0, CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CWE: CWE-88 (Argument Injection)
Confirmed affected: sshfs 1.4 through 3.7.5
A mount source such as "[-oProxyCommand=CMD]:/path" is accepted as a
positional source; find_base_path() strips the brackets as an IPv6
literal, leaving "-oProxyCommand=CMD" as the hostname, which sshfs
passes to ssh as an option. When the caller sets a path-valued
sftp_server, ssh gets a destination argument and runs the injected
ProxyCommand before connecting, giving arbitrary local command
execution as the user running sshfs, with no SSH authentication.
Requires a caller that passes an attacker-controlled mount source and
uses a path-valued sftp_server.
Fixed by rejecting hostnames that begin with "-" after bracket
normalization, and adding an ssh end-of-options marker ("--") before
the hostname.
Advisory:
https://github.com/libfuse/sshfs/security/advisories/GHSA-mm85-q63v-4476
Credit: Abhinav Agarwal (reporter)
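The two input checks the fixes describe, written out as an added example (my own reimplementation of the rules stated above, not code from sshfs itself). Assumed names: symlink_target_allowed() applies the contain_symlinks rule (absolute target or any ".." rejected with EPERM); normalize_host() is given just the host portion of the mount source, strips one IPv6-style bracket pair the way find_base_path() is described to, and rejects a result starting with "-". The "--" end-of-options marker that the fix also adds is shown only as the ssh argv order in main().

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* CVE-2026-47187 containment rule (hypothetical reimplementation): the
 * server-supplied symlink target may not be absolute and may not contain
 * "..". Returns 0 if the target may be passed to the kernel, else -EPERM.
 * Note the rule is deliberately coarse: a name such as "a..b" is rejected too. */
int symlink_target_allowed(const char *target)
{
    if (target == NULL || target[0] == '\0')
        return -EPERM;
    if (target[0] == '/')          /* absolute: resolves on the local root */
        return -EPERM;
    if (strstr(target, "..") != NULL)   /* relative escape out of the mount */
        return -EPERM;
    return 0;
}

/* CVE-2026-48711 hostname check (hypothetical reimplementation): src is the
 * host portion of the mount source. One surrounding bracket pair is stripped
 * as an IPv6 literal; a host that then begins with "-" would be consumed by
 * ssh as an option, so it is refused. Copies the host into out on success. */
int normalize_host(const char *src, char *out, size_t outsz)
{
    size_t len = strlen(src);
    if (len >= 2 && src[0] == '[' && src[len - 1] == ']') {
        src++;
        len -= 2;
    }
    if (len == 0 || len >= outsz || src[0] == '-')
        return -EINVAL;
    memcpy(out, src, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, one benign and one escaping per check. */
    const char *targets[] = { "docs/readme.txt", "../../../etc/passwd" };
    for (int i = 0; i < 2; i++)
        printf("symlink %-24s -> %s\n", targets[i],
               symlink_target_allowed(targets[i]) == 0 ? "allowed" : "EPERM");
    const char *hosts[] = { "[::1]", "[-oProxyCommand=CMD]" };
    char host[64];
    for (int i = 0; i < 2; i++) {
        if (normalize_host(hosts[i], host, sizeof host) == 0)
            printf("argv: ssh -- %s ...\n", host);   /* "--" precedes host */
        else
            printf("host %-22s -> rejected\n", hosts[i]);
    }
    return 0;
}
```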
Both issues were reported privately to the sshfs maintainer through
GitHub's private vulnerability reporting and fixed in a coordinated
release.
Timeline (UTC):
2026-05-16 CVE-2026-47187 (symlink escape) reported
2026-05-18 CVE-2026-48711 (argument injection) reported
2026-05-29 GHSA advisories published
2026-05-29 sshfs 3.7.6 released with fixes for both
-- Abhinav Agarwal