Path Traversal Vulnerability in Erlang OTP SFTP Daemon
CVE-2026-32147

5.3MEDIUM

Key Information:

Vendor: Erlang
Status: Otp
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-32147?

A path traversal vulnerability exists in the Erlang OTP SFTP daemon (ssh_sftpd module), allowing authenticated SFTP users to modify file attributes outside the designated chroot directory. The vulnerability arises because the SFTP daemon uses raw user-supplied paths in file handles rather than paths resolved by chroot, which can lead to unauthorized changes in file permissions, ownership, and timestamps on the real filesystem. As a result, on servers with a misconfigured root option, attackers may leverage this vulnerability to escalate privileges or change critical file properties, provided that the targeted file exists at the specified relative path in the filesystem. Notably, the vulnerability affects versions from OTP 17.0 up to 28.4.3 and is associated with specific Erlang program files.

Affected Version(s)

OTP 3.01

OTP 17.0

OTP 07b8f441ca711f9812fad9e9115bab3c3aa92f79

References

https://github.com/erlang/otp/security/advisories/GHSA-28...

vendor-advisoryrelated

https://cna.erlef.org/cves/CVE-2026-32147.html

https://osv.dev/vulnerability/EEF-CVE-2026-32147

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 10, 2026

Credit

John Downey

Michał Wąsowski

Jakub Witczak

CVE-2026-32147 Data

JSON