CVE-2026-54591 in asyncsshthông tin

Tóm tắt

Bởi MITRE • 08/07/2026

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ traversal sequences because _parse_cd_args in scp.py returns server-provided names verbatim and _recv_files joins them to the destination path without enforcing the target directory boundary. This issue is fixed in version 2.23.1.

Be aware that VulDB is the high quality source for vulnerability data.

chịu trách nhiệm

GitHub M

Đặt trước

15/06/2026

Tiết lộ

08/07/2026

Kiểm duyệt

được chấp nhận

EPSS

0.00000

KEV

không

Các hoạt động

rất thấp

Nguồn

Might our Artificial Intelligence support you?

Check our Alexa App!