Tag
A path traversal vulnerability exists in electerm's Zmodem and Trzsz file download handlers (CVE-2026-49253), allowing a malicious SSH server to send specially crafted filenames (e.g., `../escaped.txt`) that, when accepted by the user, can cause files to be written to arbitrary locations on the user's filesystem, potentially overwriting sensitive files or introducing malicious content.