Description
AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py, asyncssh/auth_keys.py, and asyncssh/misc.py with the raw SSH username during pre-authentication server config reload, allowing a server configured with AuthorizedKeysFile authorized_keys/%u to read an authorized-keys file outside the intended directory when the SSH username contains /, \, or .. path traversal segments and authenticate with an attacker-selected key file. This issue is fixed in version 2.23.0.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-g794-3fmp-753h | AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username |
References
History
Fri, 17 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Ronf
Ronf asyncssh |
|
| Vendors & Products |
Ronf
Ronf asyncssh |
Fri, 17 Jul 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py, asyncssh/auth_keys.py, and asyncssh/misc.py with the raw SSH username during pre-authentication server config reload, allowing a server configured with AuthorizedKeysFile authorized_keys/%u to read an authorized-keys file outside the intended directory when the SSH username contains /, \, or .. path traversal segments and authenticate with an attacker-selected key file. This issue is fixed in version 2.23.0. | |
| Title | AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-17T18:40:02.428Z
Reserved: 2026-05-11T20:14:43.203Z
Link: CVE-2026-45309
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T20:45:04Z
Weaknesses
Github GHSA