Two vulnerabilities in sshfs (FUSE filesystem over SFTP) have been assigned CVEs and fixed in sshfs 3.7.6.
Affected versions: sshfs <= 3.7.5
Fixed in: sshfs 3.7.6
  https://github.com/libfuse/sshfs/releases/tag/sshfs-3.7.6

CVE-2026-47187: Symlink escape - rogue SFTP server -> local file read/write

Severity: Critical (CVSS 9.3, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
CWE: CWE-59 (Improper Link Resolution Before File Access)

A rogue SFTP server can return symlink targets (absolute paths or relative
"../../../" escapes) that sshfs passes to the kernel unchanged. The kernel
resolves them on the client's local filesystem, so an ordinary "cp" through
the mountpoint can read local files back to the server or write
server-controlled bytes to local files. The existing transform_symlinks
option does not cover relative targets.

Fixed by a new contain_symlinks option (default on) that rejects absolute
targets and any target containing "..", returning EPERM.

Advisory: https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
Credit: Abhinav Agarwal (reporter)

CVE-2026-48711: ssh argument injection via bracketed mount source

Severity: High (CVSS 7.0, CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CWE: CWE-88 (Argument Injection)
Confirmed affected: sshfs 1.4 through 3.7.5

A mount source such as "[-oProxyCommand=CMD]:/path" is accepted as a
positional source; find_base_path() strips the brackets as an IPv6 literal,
leaving "-oProxyCommand=CMD" as the hostname, which sshfs passes to ssh as an
option. When the caller sets a path-valued sftp_server, ssh gets a
destination argument and runs the injected ProxyCommand before connecting,
giving arbitrary local command execution as the user running sshfs, with no
SSH authentication. Requires a caller that passes an attacker-controlled
mount source and uses a path-valued sftp_server.

Fixed by rejecting hostnames that begin with "-" after bracket normalization,
and adding an ssh end-of-options marker ("--") before the hostname.

Advisory: https://github.com/libfuse/sshfs/security/advisories/GHSA-mm85-q63v-4476
Credit: Abhinav Agarwal (reporter)

Both issues were reported privately to the sshfs maintainer through GitHub's
private vulnerability reporting and fixed in a coordinated release.

Timeline (UTC):
  2026-05-16  CVE-2026-47187 (symlink escape) reported
  2026-05-18  CVE-2026-48711 (argument injection) reported
  2026-05-29  GHSA advisories published
  2026-05-29  sshfs 3.7.6 released with fixes for both

--
Abhinav Agarwal
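The two input checks the fixes add, written out as an added example (this is not sshfs code; check_symlink_target and parse_mount_host are hypothetical stand-ins for the contain_symlinks policy and for the hostname handling in find_base_path(), and the "--" end-of-options marker is not shown). Both return 0 on accept and a negative errno on reject, in the style of FUSE callbacks:

```c
#include <errno.h>
#include <string.h>

/* Added example, not sshfs code. Mirrors the contain_symlinks policy from the
 * advisory: absolute targets and any target containing ".." are refused with
 * EPERM, so a server-supplied link can never point outside the mount. */
int check_symlink_target(const char *target)
{
    if (target == NULL || *target == '\0')
        return -EINVAL;
    if (target[0] == '/')               /* absolute: would resolve on the client */
        return -EPERM;
    if (strstr(target, "..") != NULL)   /* relative escape such as ../../etc/passwd */
        return -EPERM;
    return 0;
}

/* Hypothetical stand-in for find_base_path(): copies the host part of a mount
 * source into `host`, unwrapping a bracketed IPv6 literal, then applies the
 * fix from the advisory: a host that begins with '-' after bracket removal is
 * rejected so it can never reach ssh as an option. */
int parse_mount_host(const char *source, char *host, size_t hostlen)
{
    const char *start = source, *end;

    if (*start == '[') {                 /* "[host]:path" */
        start++;
        end = strchr(start, ']');
        if (end == NULL || end[1] != ':')
            return -EINVAL;
    } else {                             /* "host:path" */
        end = strchr(start, ':');
        if (end == NULL)
            return -EINVAL;
    }
    if (end == start || (size_t)(end - start) >= hostlen)
        return -EINVAL;
    memcpy(host, start, (size_t)(end - start));
    host[end - start] = '\0';
    if (host[0] == '-')                  /* ssh would parse this as an option */
        return -EPERM;
    return 0;
}
```

A mount source of "[-oProxyCommand=CMD]:/path" is rejected with EPERM by parse_mount_host, while a genuine bracketed literal such as "[::1]:/path" is accepted.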
