The article discusses significant vulnerabilities in the SSHFS utility, particularly a command execution flaw tracked as CVE-2026-48711, which allows attackers to execute arbitrary code through the software's improper handling of parameters. A second vulnerability, CVE-2026-47187, enables a rogue SFTP server to manipulate local file systems via malicious symlinks.
Consequently, users on versions 3.7.5 and earlier are urged to upgrade to version 3.7.6 or later to mitigate these risks, as the new version includes crucial security fixes.