CVE-2026-23942: SFTP root escape via component-agnostic prefix check in ssh_sftpd
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-Mar
- Released
- 2026-03-17
- EPSS Score
- 0.02% (percentile: 4.4%)
Affected Products (2)
Open Source Software
- cbl2 erlang 25.3.2.21-4 on CBL Mariner 2.0
- azl3 erlang 26.2.5.17-1 on Azure Linux 3.0
Revision History
- 2026-03-17: Information published.