GHSA-XJVP-7243-RG9H: GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Writ

GHSA-xjvp-7243-rg9h: Critical Path Traversal in Wish SCP Middleware Allows Arbitrary File Read/Write Vulnerability ID: GHSA-XJVP-7243-RG9H CVSS Score: 9.6 Published: 2026-04-18 A critical path traversal vulnerability in the SCP middleware of the Wish Go library (GHSA-xjvp-7243-rg9h) permits attackers to read and write arbitrary files outside the configured root directory. The flaw originates from insufficient path sanitization in the fileSystemHandler.prefixed() method, enabling severe impacts i