CVE-2026-48827
Path Traversal in Apache MINA SSHD sshd-git
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Apache Software Foundation
Description
Lack of path validation in the git-upload-pack and git-receive-pack operations of the Apache MINA SSHD sshd-git bundle allows authenticated SSH users to access git repositories located outside the configured server root directory. Only applications that use the org.apache.sshd:sshd-git component are affected. Users are recommended to upgrade to version 2.18.0, which fixes the issue; users of the 3.0.0 milestone releases should upgrade to 3.0.0-M4 or later.
CVSS Scores
Base score 7.1 (High): high confidentiality impact, low integrity impact, no availability impact. Exploitation requires an authenticated SSH user.
Affected Vendors & Products
| Vendor | Product | Component | Version / Range |
|---|---|---|---|
| apache | mina | sshd-git | From 3.0.0-M1 (inc) to 3.0.0-M4 (exc) |
| apache | minas_shd | sshd-git | From 3.0.0-M1 (inc) to 3.0.0-M4 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows authenticated SSH users to access git repositories outside the configured server root directory due to lack of path validation. This unauthorized access to data could potentially lead to exposure of sensitive or regulated information.
Such unauthorized data access may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls on data access and protection of sensitive information.
The description also notes that a professional git server should implement security controls beyond file system layout and permissions to govern repository access, so a deployment that relies on the vulnerable component alone for access control carries a higher compliance risk.
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue (CWE-22) in the Apache MINA SSHD bundle called sshd-git. It stems from a lack of proper path validation in the git-upload-pack and git-receive-pack operations (the server side of fetch/clone and of push, respectively): the repository path supplied by the client is resolved against the configured root directory without checking that the result stays inside it. As a result, users who are authenticated over SSH can reach git repositories located outside the configured root directory of the git server.
Only applications that use the org.apache.sshd:sshd-git component are affected by this vulnerability.
How can this vulnerability impact me?
The vulnerability can allow authenticated SSH users to access git repositories beyond the intended root directory. This unauthorized access can lead to exposure of sensitive or restricted code repositories.
The CVSS base score of 7.1 rates this as high severity, with high confidentiality impact, low integrity impact, and no availability impact.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade applications that use the org.apache.sshd:sshd-git component to Apache MINA SSHD version 2.18.0 or later, which contains the fix.
If you are using pre-release milestones of the upcoming major version 3.0.0, upgrade to 3.0.0-M4 or later.
Additionally, a professional git server should implement security controls beyond file system layout and permissions to govern which users may access which git repositories and which operations (fetch, push) they are allowed to perform, so that a path-handling flaw in one component does not by itself grant access to other repositories.
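The following is an added illustrative example, written for this page and not code from Apache MINA SSHD or the sshd-git bundle. It shows the bug class behind the explanation above (a git-over-SSH command such as `git-upload-pack '/proj.git'` whose path argument is resolved against a root directory with no containment check) next to a hardened resolver that confines the result to the root, follows symlinks, and then applies the kind of explicit per-user, per-operation policy the mitigation advice recommends. The class name `GitRepoResolver`, its methods, the root `/srv/git`, the user `alice`, and the sample commands are all hypothetical; the vulnerable method is written deliberately to demonstrate the traversal, not to be used.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.Set;

/*
 * Illustrative example, not Apache MINA SSHD code. Maps the path argument of
 * "git-upload-pack '<path>'" / "git-receive-pack '<path>'" onto a configured
 * root directory, first without validation (the CWE-22 pattern) and then with
 * confinement plus an explicit authorization layer. All names are hypothetical.
 */
public final class GitRepoResolver {

    private final Path root;
    // Hypothetical access policy: repositories (relative to root) each SSH user
    // may fetch from or push to. File permissions alone are not the policy layer.
    private final Map<String, Set<String>> readAllow;
    private final Map<String, Set<String>> writeAllow;

    public GitRepoResolver(Path root,
                           Map<String, Set<String>> readAllow,
                           Map<String, Set<String>> writeAllow) throws IOException {
        Path abs = root.toAbsolutePath().normalize();
        // Canonicalise the root once so later startsWith() comparisons are exact.
        this.root = Files.exists(abs) ? abs.toRealPath() : abs;
        this.readAllow = readAllow;
        this.writeAllow = writeAllow;
    }

    /** "git-upload-pack '/proj.git'" -> "/proj.git" (the client-controlled part). */
    static String repoArgument(String command) {
        int open = command.indexOf('\'');
        int close = command.lastIndexOf('\'');
        if (open < 0 || close <= open) {
            throw new IllegalArgumentException("malformed git command: " + command);
        }
        return command.substring(open + 1, close);
    }

    /** Git clients send "/proj.git"; the server treats it as relative to root. */
    private static String relative(String arg) {
        return arg.startsWith("/") ? arg.substring(1) : arg;
    }

    /** VULNERABLE: nothing stops "../other/proj.git" from resolving outside root. */
    public Path resolveUnchecked(String command) {
        return root.resolve(relative(repoArgument(command))).normalize();
    }

    /** HARDENED: confine to root, follow symlinks, then enforce the allow-list. */
    public Path resolveChecked(String user, String command) throws IOException {
        String arg = repoArgument(command);
        Path candidate = root.resolve(relative(arg)).normalize();
        // Path.startsWith compares whole path components, so "/srv/gitx" is not
        // accepted as being under "/srv/git" (a plain string prefix test would be).
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes repository root: " + arg);
        }
        if (Files.exists(candidate)) {
            // A symlink inside root may still point outside it.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root)) {
                throw new SecurityException("symlink escapes repository root: " + arg);
            }
            candidate = real;
        }
        String repo = root.relativize(candidate).toString();
        boolean push = command.startsWith("git-receive-pack");
        Map<String, Set<String>> policy = push ? writeAllow : readAllow;
        if (!policy.getOrDefault(user, Set.of()).contains(repo)) {
            throw new SecurityException(user + " is not allowed to "
                    + (push ? "push to " : "fetch ") + repo);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        GitRepoResolver r = new GitRepoResolver(Paths.get("/srv/git"),
                Map.of("alice", Set.of("proj.git")),
                Map.of("alice", Set.of("proj.git")));
        String[] commands = {                        // constructed sample inputs
            "git-upload-pack '/proj.git'",           // legitimate clone
            "git-upload-pack '/../other/secret.git'",// traversal via leading ".."
            "git-receive-pack 'proj.git/../../etc'", // traversal inside the argument
        };
        for (String c : commands) {
            System.out.println("unchecked: " + r.resolveUnchecked(c));
            try {
                System.out.println("checked:   " + r.resolveChecked("alice", c));
            } catch (SecurityException e) {
                System.out.println("checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Two design points are worth noting. Containment is checked with `Path.startsWith` after `normalize()`, and again on the real path when the target exists, because a string prefix comparison or a check that skips symlinks both leave escape routes. The allow-list is keyed on the normalized repository name rather than on the raw argument, so spelling the same repository as `proj.git`, `/proj.git` or `./x/../proj.git` cannot bypass policy.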