Suggestions search

All statuses

Filter by:

With package: gnome.gvfs

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-28296

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 4 weeks ago Activity log

Created suggestion 1 month, 4 weeks ago

Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths

A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.

References

https://access.redhat.com/security/cve/CVE-2026-28296 vdb-entryx_refsource_REDHAT
RHBZ#2443003 issue-trackingx_refsource_REDHAT

Affected products

gvfs

Matching in nixpkgs

pkgs.gvfs

Virtual Filesystem support library

nixos-unstable 1.58.1
- nixpkgs-unstable 1.58.1
- nixos-unstable-small 1.58.1
nixos-25.11 1.58.0
- nixos-25.11-small 1.58.0
- nixpkgs-25.11-darwin 1.58.0

pkgs.gnome.gvfs

Virtual Filesystem support library (full GNOME support)

nixos-unstable 1.58.1
- nixpkgs-unstable 1.58.1
- nixos-unstable-small 1.58.1
nixos-25.11 1.58.0
- nixos-25.11-small 1.58.0
- nixpkgs-25.11-darwin 1.58.0

Package maintainers

@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>