CVE-2026-49238 | Canonical Multipass up to 1.16.2 Host-side SFTP Server sftp_server.cpp path traversal (GHSA-rhp2-23c4-r34w)

A vulnerability has been found in Canonical Multipass up to 1.16.2 and classified as critical. Affected is an unknown function of the file src/sshfs_mount/sftp_server.cpp of the component Host-side SFTP Server. The manipulation leads to path traversal.

This vulnerability is documented as CVE-2026-49238. The attack needs to be performed locally. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More