CVE-2026-48827
Analyzed Analyzed - Analysis Complete
Path Traversal in Apache MINA SSHD sshd-git

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Apache Software Foundation

Description
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if they use org.apache.sshd:sshd-git. Applications not using sshd-git are not affected. Users are advised to upgrade affected applications to Apche MINA SSHD 2.18.0, which fixes the issue. The issue also is present in the pre-release milestones 3.0.0-M1 to 3.0.0-M3 for a new upcoming new major version 3.0.0. Again, applications are affected only if they use sshd-git. Upgrade affected applications to 3.0.0-M4. We would like to point out that a professional git server should not rely solely on file system layout and permissions, but should implement additional security controls to govern access to git repositories and operations allowed on particular git repositories.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-48827
EUVD
EUVD-2026-33606
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
apache mina_sshd From 2.0.0 (inc) to 2.18.0 (exc)
apache mina_sshd 3.0.0
apache mina_sshd 3.0.0
apache mina_sshd 3.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated SSH users to access git repositories outside the configured server root directory due to lack of path validation. This unauthorized access to data could potentially lead to exposure of sensitive or regulated information.

Such unauthorized data access may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls on data access and protection of sensitive information.

However, the description notes that a professional git server should implement additional security controls beyond file system permissions to govern access, implying that relying solely on the vulnerable component increases compliance risk.

Executive Summary

This vulnerability is a path traversal issue in the Apache MINA SSHD bundle called sshd-git. It occurs because there is a lack of proper path validation in git operations such as git-upload-pack and git-receive-pack. This flaw allows users who are authenticated over SSH to access git repositories that are located outside the configured root directory of the git server.

Only applications that use the org.apache.sshd:sshd-git component are affected by this vulnerability.

Impact Analysis

The vulnerability can allow authenticated SSH users to access git repositories beyond the intended root directory. This unauthorized access can lead to exposure of sensitive or restricted code repositories.

The CVSS score of 7.1 indicates a high severity impact, with high confidentiality impact, low integrity impact, and no availability impact.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade affected applications to Apache MINA SSHD version 2.18.0 or later, which contains the fix.

If using pre-release milestones of the upcoming major version 3.0.0, upgrade to 3.0.0-M4 or later.

Additionally, it is recommended that professional git servers implement security controls beyond file system layout and permissions to govern access to git repositories and allowed operations.

Detection Guidance

This vulnerability can be detected by identifying if your system is running an affected version of Apache MINA SSHD with the sshd-git bundle (versions 2.0.0 through 2.17.1 or pre-release milestones 3.0.0-M1 through 3.0.0-M3).

Since the vulnerability involves path traversal via git operations over SSH, monitoring SSH git commands such as git-upload-pack and git-receive-pack for unusual access patterns outside the configured git server root directory can help detect exploitation attempts.

Suggested commands to check the installed version and running processes include:

  • Check the version of Apache MINA SSHD in your application dependencies or installation: e.g., using package management tools or inspecting application manifests.
  • Use commands like `ps aux | grep sshd` to identify running sshd-git processes.
  • Monitor SSH git commands in logs or via network traffic analysis to detect git-upload-pack or git-receive-pack operations accessing paths outside the expected repository root.
  • Use file system monitoring tools to detect unauthorized access attempts outside the configured git repository directories.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48827. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart