๐Ÿ” CVE Alert

CVE-2026-54591

HIGH 8.1

AsyncSSH: SCP Path Traversal to Arbitrary File Write

CVSS Score
8.1
EPSS Score
0.3%
EPSS Percentile
24th

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../ traversal sequences because _parse_cd_args in scp.py returns server-provided names verbatim and _recv_files joins them to the destination path without enforcing the target directory boundary. This issue is fixed in version 2.23.1.

CWE CWE-22
Vendor ronf
Product asyncssh
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for ronf asyncssh

Be the first to know when new high vulnerabilities affecting ronf asyncssh are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Affected Versions

ronf / asyncssh
< 2.23.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/ronf/asyncssh/security/advisories/GHSA-2wxc-x7rj-hg8f github.com: https://github.com/ronf/asyncssh/commit/d730803b8e4e94c20c7580d90f94d1e05f9f58de github.com: https://github.com/ronf/asyncssh/releases/tag/v2.23.1