PatchSiren

ronf CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM ronf CVE published 2026-07-08

CVE-2026-54590

CVE-2026-54590 is a path traversal vulnerability in AsyncSSH, a Python package for asynchronous SSHv2 protocol implementation. The issue arises from an incomplete fix for CVE-2026-45309 in version 2.23.0, which fails to block leading ~ or ${ENV} in AuthorizedKeysFile, allowing path expansion. This vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. The issue has been fixed in versi [truncated]