Canonical Multipass Path Traversal Vulnerability in SFTP Server Component Allowing VM Escape

Vulnerability

A path traversal vulnerability has been identified in Canonical Multipass versions prior to 1.16.3. The issue resides in the host-side SFTP server component, sshfs_server, which runs with root privileges. The validate_path function in src/sshfs_mount/sftp_server.cpp accepts a requested path if it merely begins with the mount's source directory as a string: it neither requires a path separator after that prefix nor normalizes '..' components before comparing. A request for a sibling directory that happens to share the prefix, or for a path that starts inside the mount and then climbs out with '..', therefore passes the check even though it resolves outside the mount. Normally the guest-side sshfs/FUSE layer only ever emits paths inside the mount, but a local attacker with root inside the guest virtual machine can bypass that layer by writing raw SFTP frames, such as an SSH_FXP_OPEN request, directly into the pipes that carry SFTP traffic between the guest-side sshfs client and sshfs_server, which root in the guest can reach through procfs. Because sshfs_server opens whatever path survives validate_path, a crafted request makes the root-privileged host process open files outside the designated mount boundary, and the guest can read arbitrary files from the host filesystem: a virtual machine escape.
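The prefix-comparison flaw described above, reduced to a standalone check. This is an added example written for this page, not Multipass's own validate_path; the vulnerable shape is a reconstruction from the description, and the mount root '/srv/share' and the probe paths are constructed. It places the vulnerable check beside a hardened one that lexically normalizes the request and requires a separator after the prefix.

```cpp
#include <filesystem>
#include <iostream>
#include <string>
#include <vector>

namespace fs = std::filesystem;

// Vulnerable shape (hypothetical reconstruction, not Multipass's code): a plain
// string-prefix test. Every string below begins with "/srv/share", so all pass:
//   "/srv/share-private/id_rsa"     (a sibling directory that merely shares the prefix)
//   "/srv/share/../../etc/shadow"   (traversal: the host resolves ".." after the check)
bool validate_path_vulnerable(const std::string& mount_root, const std::string& requested)
{
    return requested.compare(0, mount_root.size(), mount_root) == 0;
}

// Hardened check: lexically normalise both sides (collapses ".", ".." and repeated
// separators without touching the filesystem), then require the request to be the
// root itself or the root followed by a separator and further components.
bool validate_path_hardened(const std::string& mount_root, const std::string& requested)
{
    std::string root = fs::path(mount_root).lexically_normal().generic_string();
    std::string req  = fs::path(requested).lexically_normal().generic_string();

    // Ignore a trailing separator on the root so "/srv/share/" and "/srv/share" agree.
    while (root.size() > 1 && root.back() == '/')
        root.pop_back();

    // Only absolute requests are meaningful for a host-side root.
    if (req.empty() || req.front() != '/')
        return false;

    if (req == root)
        return true;
    return req.size() > root.size()
        && req.compare(0, root.size(), root) == 0
        && req[root.size()] == '/';
}

int main()
{
    const std::string root = "/srv/share";                 // constructed mount root
    const std::vector<std::string> probes = {
        "/srv/share/notes.txt",          // legitimate
        "/srv/share/sub/../notes.txt",   // legitimate, resolves inside the root
        "/srv/share-private/id_rsa",     // prefix collision
        "/srv/share/../../etc/shadow",   // traversal
        "/srv/share/..",                 // parent of the root
    };
    for (const auto& p : probes)
        std::cout << p << "  vulnerable=" << validate_path_vulnerable(root, p)
                  << "  hardened=" << validate_path_hardened(root, p) << '\n';
    return 0;
}
```

Lexical normalization is enough against the two bypasses the advisory describes, but it does not follow symlinks: a symlink inside the mount that points outside it still needs a resolved-path check (std::filesystem::weakly_canonical or realpath(3) on the host, then the same prefix test) or an open that refuses to leave the root, such as openat2(2) with RESOLVE_BENEATH on Linux.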

Impact

Exploitation of this vulnerability allows a user inside the guest virtual machine to read arbitrary files from the host filesystem with the privileges of the root-owned sshfs_server process, regardless of which directory was declared in the mount. This is a virtual machine escape: guest code reaches host files without any host-side action, and because the requests travel over the same SSH channel as legitimate mount traffic they leave little or no trace on the host system.

Reproduction

To reproduce this vulnerability, first create a directory on the host that will be shared with the guest virtual machine and mount it into a running Multipass VM with the 'multipass mount' command. Once the mount is active, an SFTP session between sshfs_server on the host and the sshfs client in the guest is live. As root in the guest, inject a crafted SSH_FXP_OPEN request into the pipe that carries requests from the guest side of that session to sshfs_server, bypassing the FUSE layer. The filename in the request must begin with the mount's source path on the host and then continue with '..' components or a sibling-directory suffix, so that it passes the prefix check while resolving outside the mount; sshfs_server then opens the host file outside the designated mount boundary.
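What sshfs_server actually parses out of an injected request, as an added example written for this page (not part of Multipass): an encoder and a bounds-checked decoder for the SFTP version 3 SSH_FXP_OPEN frame, the dialect OpenSSH and sshfs speak. Constants and layout follow draft-ietf-secsh-filexfer-02; the request id, the filename and the mount root '/srv/share' are constructed. The point it makes is that the filename string reaches the server byte for byte, with none of the path cleaning the guest's FUSE layer would normally perform, so the server's own check is the only defense; the decoder doubles as a harness for feeding such filenames to a path check under test.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// SFTP version 3 constants (draft-ietf-secsh-filexfer-02).
constexpr uint8_t  SSH_FXP_OPEN = 3;
constexpr uint32_t SSH_FXF_READ = 0x00000001;

struct OpenRequest {
    uint32_t    id;
    std::string filename;   // delivered verbatim: no FUSE, no normalisation
    uint32_t    pflags;
};

static void put_u32(std::vector<uint8_t>& out, uint32_t v)
{
    for (int shift = 24; shift >= 0; shift -= 8)
        out.push_back(static_cast<uint8_t>(v >> shift));
}

static void put_string(std::vector<uint8_t>& out, const std::string& s)
{
    put_u32(out, static_cast<uint32_t>(s.size()));
    out.insert(out.end(), s.begin(), s.end());
}

// Frame layout: uint32 length | byte type | uint32 id | string filename | uint32 pflags | ATTRS
std::vector<uint8_t> encode_open(uint32_t id, const std::string& filename, uint32_t pflags)
{
    std::vector<uint8_t> body;
    body.push_back(SSH_FXP_OPEN);
    put_u32(body, id);
    put_string(body, filename);
    put_u32(body, pflags);
    put_u32(body, 0);                 // ATTRS with flags = 0: no attribute fields follow

    std::vector<uint8_t> frame;
    put_u32(frame, static_cast<uint32_t>(body.size()));
    frame.insert(frame.end(), body.begin(), body.end());
    return frame;
}

// Bounds-checked reader, as a server-side parser must be: a guest that can
// inject frames can also inject truncated bodies or oversized length fields.
class Reader {
public:
    explicit Reader(const std::vector<uint8_t>& buf) : buf_(buf) {}
    uint8_t u8()
    {
        need(1);
        return buf_[pos_++];
    }
    uint32_t u32()
    {
        need(4);
        uint32_t v = 0;
        for (int i = 0; i < 4; ++i)
            v = (v << 8) | buf_[pos_++];
        return v;
    }
    std::string str()
    {
        const uint32_t n = u32();
        need(n);
        std::string s(buf_.begin() + pos_, buf_.begin() + pos_ + n);
        pos_ += n;
        return s;
    }
private:
    void need(size_t n)
    {
        if (buf_.size() - pos_ < n)
            throw std::runtime_error("truncated SFTP frame");
    }
    const std::vector<uint8_t>& buf_;
    size_t pos_ = 0;
};

OpenRequest decode_open(const std::vector<uint8_t>& frame)
{
    Reader r(frame);
    const uint32_t length = r.u32();
    if (length != frame.size() - 4)
        throw std::runtime_error("length field does not match frame size");
    if (r.u8() != SSH_FXP_OPEN)
        throw std::runtime_error("not an SSH_FXP_OPEN");
    OpenRequest req;
    req.id       = r.u32();
    req.filename = r.str();
    req.pflags   = r.u32();
    (void)r.u32();                    // ATTRS flags (0 here); a real server parses any fields announced
    return req;
}

// True when the parser rejects the bytes instead of trusting them.
bool decode_rejects(const std::vector<uint8_t>& frame)
{
    try { decode_open(frame); return false; }
    catch (const std::runtime_error&) { return true; }
}

int main()
{
    // Constructed request: the mount's source is /srv/share; the filename keeps that
    // prefix and then walks out of it. A string-prefix check accepts it unchanged.
    const auto frame = encode_open(7, "/srv/share/../../etc/shadow", SSH_FXF_READ);
    const OpenRequest req = decode_open(frame);
    std::cout << "server sees filename: " << req.filename
              << " (" << frame.size() << " bytes on the wire)\n";
    return 0;
}
```

The reader refuses truncated or mislabelled frames; a server that trusts an attacker-controlled length field would have a memory-safety bug on top of the traversal, which is why the injection point described above deserves the same scrutiny as any network-facing parser.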

Remediation

Users should upgrade to Canonical Multipass version 1.16.3 or later, which addresses this vulnerability. Until the upgrade is applied, treat every active mount as exposing the host filesystem to root inside that instance, and unmount shares from instances whose root user is not trusted.

Added: May 28, 2026, 3:26 PM
Updated: May 28, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm
spread: 4.2
impact: 0.8
exploitability: 3.6
remediation: 7.7
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.