Source: sshfs-fuse Version: 3.7.3-1.1 Severity: grave Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for sshfs-fuse. CVE-2026-47187[0]: | Symlink escape - rogue SFTP server -> local file read/write CVE-2026-48711[1]: | ssh argument injection via bracketed mount source If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-47187 https://www.cve.org/CVERecord?id=CVE-2026-47187 [1] https://security-tracker.debian.org/tracker/CVE-2026-48711 https://www.cve.org/CVERecord?id=CVE-2026-48711 [2] https://www.openwall.com/lists/oss-security/2026/05/30/3 Regards, Salvatore
