CVE-2026-49238
Analyzed Analyzed - Analysis Complete
Path Traversal in Canonical Multipass

Publication date: 2026-05-28

Last updated on: 2026-06-01

Assigner: Canonical Ltd.

Description
An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path function in src/sshfs_mount/sftp_server.cpp. The function performs a plain string prefix comparison on requested paths without path separator validation or dot-dot (..) normalization. A local attacker with root privileges inside a guest virtual machine can bypass the FUSE layer by injecting raw SFTP frames (such as an SSH_FXP_OPEN request) directly into the sshfs_server process stdin/stdout pipes via procfs. By supplying a path containing directory traversal sequences that match the allowed mount prefix, the attacker can force the host-side root process to resolve the traversal and open files outside the designated mount boundary. This allows a guest-side user to read arbitrary files on the host filesystem, resulting in a virtual machine escape.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-01
Generated
2026-06-18
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-49238
EUVD
EUVD-2026-32899
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
canonical multipass to 1.16.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-49238 is a vulnerability in the Canonical Multipass SFTP server component (sshfs_server) that allows a virtual machine (VM) escape. The issue occurs because the validate_path function performs a simple string prefix comparison on requested paths without proper path separator validation or normalization of directory traversal sequences like '..'.

A local attacker with root privileges inside a guest VM can inject crafted SFTP frames directly into the sshfs_server process via procfs, bypassing the FUSE layer. By supplying paths containing directory traversal sequences that appear to match allowed mount prefixes, the attacker can trick the host-side root process into opening files outside the intended mount boundary.

This allows the guest VM user to read arbitrary files on the host filesystem, effectively escaping the VM sandbox.

Impact Analysis

This vulnerability can have a severe impact by allowing a user with root privileges inside a guest VM to read arbitrary files on the host system, bypassing intended security boundaries.

  • Unauthorized access to sensitive host files such as SSH private keys (~/.ssh/id_rsa), AWS credentials (~/.aws/credentials), and macOS keychain exports.
  • Potential compromise of host system confidentiality and integrity.
  • The exploit leaves no artifacts on the host, making detection difficult.
  • The vulnerability requires root access inside the guest VM, which may be easily obtained on default Multipass installations.
Detection Guidance

This vulnerability is difficult to detect because the exploit leaves no artifacts on the host system.

Since the attack involves injecting crafted SFTP frames directly into the sshfs_server process via procfs from within a guest VM with root privileges, traditional network or system detection methods may not be effective.

No specific detection commands or network signatures are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade Canonical Multipass to version 1.16.3 or later, where this vulnerability has been patched.

Additionally, restrict or monitor root access inside guest virtual machines, as the exploit requires root privileges within the guest.

Consider reviewing and hardening sudo permissions for the ubuntu user inside guest VMs to prevent trivial root access.

Compliance Impact

This vulnerability allows a guest virtual machine user with root privileges to read arbitrary files on the host system, including sensitive files such as SSH private keys and AWS credentials. Such unauthorized access to sensitive data can lead to breaches of confidentiality and integrity.

Because it enables unauthorized access to potentially sensitive personal or organizational data, this vulnerability could negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls on data confidentiality and integrity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49238. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart