GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Write

Vulnerability ID: GHSA-XJVP-7243-RG9H
CVSS Score: 9.6
Published: 2026-04-18

This content originally appeared on DEV Community and was authored by CVE Reports

A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the fileSystemHandler.prefixed() method, enabling severe impacts including remote code execution if critical system files are overwritten. Exploitation requires authentication unless the target server explicitly runs without authentication protocols.

TL;DR

A path traversal flaw in the Wish SCP middleware allows arbitrary file read and write operations outside the designated root directory via crafted SCP requests.

⚠️ Exploit Status: POC

Technical Details

  • Advisory ID: GHSA-xjvp-7243-rg9h
  • CVSS Score: 9.6
  • Attack Vector: Network
  • CWE ID: CWE-22
  • Impact: Arbitrary File Read/Write
  • Exploit Status: Proof-of-Concept Available
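
The bug class behind this advisory (CWE-22), shown as an added illustration that is not Wish's code or its patch: a root-prefixing helper that only joins paths, next to one that verifies the joined result is still inside the root. The function names `naivePrefixed` and `safePrefixed` and the root `/srv/scp` are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when a client path resolves outside the root.
var ErrEscapesRoot = errors.New("path escapes root")

// naivePrefixed (hypothetical) shows insufficient sanitization: Join cleans
// the combined path, so ".." segments in clientPath can climb above root.
func naivePrefixed(root, clientPath string) string {
	return filepath.Join(root, clientPath)
}

// safePrefixed (hypothetical) joins, then checks containment with Rel.
// Rel is used instead of a string prefix test so that a sibling such as
// "/srv/scp-other" is not mistaken for a child of "/srv/scp".
// This is a lexical check only; it does not resolve symlinks.
func safePrefixed(root, clientPath string) (string, error) {
	root = filepath.Clean(root)
	full := filepath.Join(root, clientPath)
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return full, nil
}

func main() {
	root := "/srv/scp" // constructed sample root
	// Constructed sample client paths, benign and traversing.
	samples := []string{"uploads/a.txt", "/abs/b.txt", "..foo", "../../etc/passwd", "../scp-other/x", "a/../../x"}
	for _, p := range samples {
		full, err := safePrefixed(root, p)
		fmt.Printf("%-20q naive=%-22q safe=%q err=%v\n", p, naivePrefixed(root, p), full, err)
	}
}
```

Because the check is lexical, a symlink that already exists inside the root can still point outside it; the OS-level isolation listed under the mitigation strategies, or Go 1.24's `os.Root`, covers that case.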

Affected Systems

  • Custom SSH Servers built with charm.land/wish/v2 <= 2.0.0
  • Custom SSH Servers built with github.com/charmbracelet/wish <= 1.4.7
  • charm.land/wish/v2: <= 2.0.0 (Fixed in: 2.0.1)
  • github.com/charmbracelet/wish: <= 1.4.7 (Fixed in: None)

Mitigation Strategies

  • Dependency Upgrade
  • Service Disablement
  • Defense-in-Depth Isolation

Remediation Steps:

  1. Update go.mod to use charm.land/wish/v2 v2.0.1 or higher.
  2. Execute go mod tidy to download the patched dependencies.
  3. Recompile the Go application.
  4. Restart the custom SSH server service.
