CVE-2026-49238
Path Traversal in Canonical Multipass
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Canonical Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| canonical | multipass | < 1.16.3 (all releases before 1.16.3; 1.16.3 itself is fixed) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-49238 is a path traversal (CWE-22) in the SFTP server component of Canonical Multipass (sshfs_server) that can be used as a guest-to-host escape for file reads. The root cause is in the validate_path function: it decides whether a requested path lies inside an allowed mount by doing a plain string prefix comparison. It neither normalizes directory traversal sequences ('..') before comparing nor checks that a path separator follows the matched prefix, so a path can textually begin with the allowed mount prefix while resolving somewhere else on the host.
An attacker who already has root inside a guest VM can inject crafted SFTP frames directly into the sshfs_server process via procfs, bypassing the FUSE layer that would normally sit between the guest and the server. By supplying paths that start with an allowed mount prefix but contain '..' components, the attacker gets the host-side root process to open files outside the intended mount boundary.
The result is that a guest VM user can read arbitrary files on the host filesystem with the privileges of the host-side server process, defeating the isolation the VM is supposed to provide.
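To make the flaw concrete, here is an added example in C++ (not Multipass's own code; the mount root, sample paths and the simplified weak check are assumptions made for illustration). It contrasts a bare prefix comparison, the pattern the description attributes to validate_path, with a containment check that normalizes the path first and then requires a separator boundary after the mount root:

```cpp
#include <cstdio>
#include <filesystem>
#include <string>

namespace fs = std::filesystem;

// Normalize to a generic (forward-slash) form with "." and ".." collapsed
// and no trailing separator, so "/a/b/" and "/a/b" compare equal.
static std::string normalize(const std::string& p) {
    std::string s = fs::path(p).lexically_normal().generic_string();
    while (s.size() > 1 && s.back() == '/') s.pop_back();
    return s;
}

// The flawed pattern described in the advisory text (simplified illustration,
// not Multipass's actual code): a bare string prefix comparison. It accepts
// "../" sequences and sibling directories that merely share the prefix.
bool weak_validate_path(const std::string& requested, const std::string& mount_root) {
    return requested.compare(0, mount_root.size(), mount_root) == 0;
}

// Hardened variant: require an absolute path, collapse "." and ".." lexically,
// then demand that the result is the mount root itself or lies strictly below
// it with a '/' immediately after the root prefix (so "/shared_evil" does not
// pass for root "/shared").
bool strict_validate_path(const std::string& requested, const std::string& mount_root) {
    if (!fs::path(requested).is_absolute()) return false;
    const std::string q = normalize(requested);
    const std::string r = normalize(mount_root);
    if (q == r) return true;
    return q.size() > r.size()
        && q.compare(0, r.size(), r) == 0
        && q[r.size()] == '/';
}

int main() {
    const std::string root = "/home/user/shared";   // assumed mount root
    // Constructed sample requests, as a client (or an injected frame) might send them.
    const char* samples[] = {
        "/home/user/shared/docs/a.txt",          // legitimate
        "/home/user/shared/../../.ssh/id_rsa",   // traversal hidden behind a matching prefix
        "/home/user/shared_evil/x",              // sibling directory sharing the prefix
        "home/user/shared/x",                    // relative path
    };
    for (const char* s : samples) {
        std::printf("%-40s weak=%d strict=%d\n", s,
                    weak_validate_path(s, root), strict_validate_path(s, root));
    }
    return 0;
}
```

Two caveats for anyone porting this check into a real server: lexical normalization does not see symlinks, so a host-side process that opens files as root should additionally resolve the final target (std::filesystem::canonical or realpath(3) on existing paths, or openat2(2) with RESOLVE_BENEATH on Linux) before opening; and the check must run on the exact bytes the server receives, since, as the description notes, an attacker can bypass the FUSE layer and hand the server frames the client library never sanitized.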
How can this vulnerability impact me?
The impact is severe: a user with root privileges inside a guest VM can read arbitrary files on the host system, crossing the guest/host boundary that Multipass is meant to enforce.
- Unauthorized read access to sensitive host files such as SSH private keys (~/.ssh/id_rsa), cloud credentials (~/.aws/credentials), and macOS keychain exports, any of which can be reused to pivot further.
- Loss of host confidentiality, and potentially integrity, since stolen credentials and keys let an attacker act as the host user elsewhere.
- According to the available information, the exploit leaves no artifacts on the host, so a compromise may go unnoticed.
- Root inside the guest is required, but it is trivial to obtain on default Multipass instances, where the default ubuntu user has passwordless sudo.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is hard to detect after the fact because, per the available information, exploitation leaves no artifacts on the host system.
The attack injects crafted SFTP frames directly into the sshfs_server process via procfs from inside a guest VM where the attacker already has root, so network-based signatures do not apply and host-side file-access monitoring would at most show the host-side server process opening files outside the mounted directory.
No specific detection commands or network signatures are provided in the available resources. The practical check is preventive: confirm which Multipass version is installed (the multipass version command reports it) and treat anything below 1.16.3 as affected.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade Canonical Multipass to version 1.16.3 or later, where the path validation has been fixed.
Until the upgrade is done, reduce exposure by limiting which guests have host directories mounted and by not mounting directories that contain credentials or keys, since the traversal starts from an allowed mount prefix.
Also review who can obtain root inside guest VMs: the default ubuntu user in Multipass instances has passwordless sudo, so untrusted workloads running inside a guest should be assumed to have root there.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability lets a guest VM user with root privileges read arbitrary files on the host, including SSH private keys and cloud credentials. If personal or regulated data is stored on or reachable from the host, such a read constitutes unauthorized access to that data.
Because it undermines the confidentiality controls that regulations such as GDPR and HIPAA require, leaving an affected version in place on systems that process regulated data may be treated as a failure to maintain adequate technical safeguards, and an actual compromise could trigger breach-notification obligations.