๐Ÿ” CVE Alert

CVE-2026-45309

UNKNOWN 0.0

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py, asyncssh/auth_keys.py, and asyncssh/misc.py with the raw SSH username during pre-authentication server config reload, allowing a server configured with AuthorizedKeysFile authorized_keys/%u to read an authorized-keys file outside the intended directory when the SSH username contains /, \, or .. path traversal segments and authenticate with an attacker-selected key file. This issue is fixed in version 2.23.0.

CWE CWE-22
Vendor ronf
Product asyncssh
Published Jul 17, 2026
Stay Ahead of the Next One

Get instant alerts for ronf asyncssh

Be the first to know when new unknown vulnerabilities affecting ronf asyncssh are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

ronf / asyncssh
< 2.23.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/ronf/asyncssh/security/advisories/GHSA-g794-3fmp-753h github.com: https://github.com/ronf/asyncssh/commit/2af2382cce946c959a378a62f257af253dc4ab51 github.com: https://github.com/ronf/asyncssh/commit/3d515ba9ba0cd9990d248bdf62bcf05d51261a88