Erlang OTP
cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*
- >= 17.0, < 28.4.1
- >= 27.3.4.9, < 27.3.4.10
- >= 26.2.5.18, < 26.2.5.19
- >= 3.0.1, <= 5.5.1
- >= 5.2.11.6, <= 5.2.11.7
- >= 5.1.4.14, <= 5.1.4.15
A path traversal vulnerability has been identified in the SFTP server component of Erlang OTP, specifically in the ssh_sftpd module of the ssh application. The restriction to the configured root directory is enforced by matching requested file paths against the root as a plain string prefix, with no requirement that a path separator follow the prefix, so an authenticated user can reach directories outside the root whose names merely begin with the root directory's name. The issue is present in Erlang OTP from version 17.0 up to, but not including, 28.4.1, and in the 27.3.4.9 and 26.2.5.18 patch releases of the 27 and 26 series (see the affected ranges above).
Exploitation of this vulnerability allows authenticated users to bypass directory restrictions and access files in sibling directories that share a common name prefix with the configured root directory.
To reproduce this vulnerability, start the SSH daemon with an SFTP subsystem whose 'root' option (the {root, Dir} option of ssh_sftpd:subsystem_spec/1) is set to a specific directory. Then, as an authenticated SFTP user, request files in sibling directories that share a name prefix with the root directory. For example, if the root is set to '/home/user1', paths like '/home/user10' or '/home/user1_backup' pass the root check and can be accessed, bypassing the intended restriction; a correct check would accept '/home/user1' itself or paths beginning with '/home/user1/' only.
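As an added illustration, not code from the OTP project's ssh application, the following Erlang module reconstructs the class of check the advisory describes (a bare string-prefix comparison) beside a hardened version that normalises the path and requires the root to be followed by a path separator, and wraps the reproduction steps above in a daemon started with ssh_sftpd:subsystem_spec([{root, Root}]) plus an ssh_sftp client probe. The module name, the weak_within_root/2 function, port 2222, the user 'alice' with password 'secret', and the system_dir path are all assumptions made for this example; the system_dir must contain host keys you generate yourself.

```erlang
%% Added example: not OTP's own ssh_sftpd code. The weak check below is a
%% hypothetical reconstruction of the behaviour the advisory describes.
-module(sftp_root_check).
-export([weak_within_root/2, within_root/2, normalise/1,
         check_examples/1, start_demo_daemon/2, probe/4]).

%% Hypothetical weak check: "/home/user10" is accepted for root
%% "/home/user1" because it starts with the same characters.
weak_within_root(Root, Path) ->
    lists:prefix(Root, Path).

%% Hardened check: normalise both sides, then require the candidate to be
%% the root itself or to start with Root followed by "/".
within_root(Root0, Path0) ->
    Root = normalise(Root0),
    Path = normalise(Path0),
    case Root of
        "/" -> true;
        _   -> Path =:= Root orelse lists:prefix(Root ++ "/", Path)
    end.

%% Lexically resolve "." and ".." components; absolute paths only.
normalise(Path) ->
    Parts = string:lexemes(Path, "/"),
    "/" ++ lists:flatten(lists:join("/", lists:reverse(fold_parts(Parts, [])))).

fold_parts([], Acc)              -> Acc;
fold_parts(["." | Rest], Acc)    -> fold_parts(Rest, Acc);
fold_parts([".." | Rest], [])    -> fold_parts(Rest, []);
fold_parts([".." | Rest], [_|A]) -> fold_parts(Rest, A);
fold_parts([P | Rest], Acc)      -> fold_parts(Rest, [P | Acc]).

%% Compare both checks on the advisory's sibling-directory cases plus a
%% dot-dot variant. For Root = "/home/user1" the weak check accepts all
%% of the first three paths; the hardened check accepts only the last.
check_examples(Root) ->
    Paths = [Root ++ "0",                 % "/home/user10"
             Root ++ "_backup",           % "/home/user1_backup"
             Root ++ "/../user10",        % traversal back out of the root
             Root ++ "/docs/report.txt"], % legitimately inside the root
    [{P, weak_within_root(Root, P), within_root(Root, P)} || P <- Paths].

%% Start a password-authenticated SFTP daemon confined to Root.
%% SystemDir is assumed to hold pre-generated host keys.
start_demo_daemon(Root, SystemDir) ->
    {ok, _} = application:ensure_all_started(ssh),
    ssh:daemon(2222, [{system_dir, SystemDir},
                      {user_passwords, [{"alice", "secret"}]},
                      {subsystems, [ssh_sftpd:subsystem_spec([{root, Root}])]}]).

%% Client-side probe: try to list a sibling of the root over SFTP.
%% On a patched server this must not return the sibling's listing.
probe(Port, User, Password, Sibling) ->
    {ok, Conn} = ssh:connect("127.0.0.1", Port,
                             [{user, User}, {password, Password},
                              {silently_accept_hosts, true}]),
    {ok, Chan} = ssh_sftp:start_channel(Conn),
    Result = ssh_sftp:list_dir(Chan, Sibling),
    ok = ssh_sftp:stop_channel(Chan),
    ok = ssh:close(Conn),
    Result.
```

sftp_root_check:check_examples("/home/user1") shows the divergence directly: the weak check returns true for "/home/user10", "/home/user1_backup" and "/home/user1/../user10", while the hardened check returns true only for "/home/user1/docs/report.txt". Once the daemon is running, sftp_root_check:probe(2222, "alice", "secret", "/home/user10") is the check to rerun after upgrading to confirm the sibling is no longer reachable.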
Users should update to Erlang OTP 28.4.1, 27.3.4.10, or 26.2.5.19, the first releases above the affected ranges listed at the top of this page, where this vulnerability has been patched, and then verify the fix by repeating the sibling-directory access from the reproduction steps above. Additionally, for high-security deployments, do not rely on the 'root' option alone: run the SFTP daemon under OS-level isolation such as a chroot jail, a container, or a mandatory access control profile (SELinux or AppArmor), so that a path-handling bug in the server cannot expose files outside the intended tree.