A critical path containment bypass vulnerability in Canonical Multipass before version 1.16.3 allows virtual machine escape. The vulnerability exists in the host-side SFTP server component (sshfs_server) that runs with root privileges. An attacker with root access inside a guest VM can exploit insufficient path validation in the validate_path function to perform directory traversal attacks. By injecting raw SFTP frames into the sshfs_server process via procfs, attackers can bypass the FUSE layer and access arbitrary files on the host filesystem outside the designated mount boundary.