


Perceptive Security
SOC/SIEM Consultancy

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on…
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 19:09:38
Source:
nvd.nist.gov
Cloud & Virtualization
CVE-2026-49238 affects Canonical Multipass versions before 1.16.3, involving a path containment bypass vulnerability in the host-side SFTP server component (sshfs_server). The vulnerability exists in the validate_path function which performs inadequate path validation without proper normalization of directory traversal sequences. An attacker with root privileges inside a guest VM can inject raw SFTP frames directly into the sshfs_server process via procfs, bypassing the FUSE layer. By exploiting directory traversal sequences that match the allowed mount prefix, the attacker can force the host-side root process to access files outside the designated mount boundary. This results in arbitrary file read access on the host filesystem and enables virtual machine escape attacks.
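The containment failure described above, as an added C++ example that is not Multipass source code: a raw prefix test on an un-normalized path next to a check that normalizes first and compares whole path components. The function names, the `/home/user/share` mount root, and the shape of the naive check are assumptions made for illustration.

```cpp
// Added illustration; not code from Multipass. All names are hypothetical.
#include <cstddef>
#include <string>
#include <vector>

// Naive containment: raw string prefix test with no normalization.
// Assumed shape of the flaw class the advisory describes, not the real validate_path.
bool naive_contains(const std::string& root, const std::string& path) {
    return path.compare(0, root.size(), root) == 0;
}

// Lexically normalize an absolute path into components:
// drops empty and "." components, and lets ".." remove the previous one.
std::vector<std::string> normalize(const std::string& path) {
    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i <= path.size(); ++i) {
        if (i == path.size() || path[i] == '/') {
            if (cur == "..") {
                if (!parts.empty()) parts.pop_back();  // never climbs above "/"
            } else if (!cur.empty() && cur != ".") {
                parts.push_back(cur);
            }
            cur.clear();
        } else {
            cur += path[i];
        }
    }
    return parts;
}

// Hardened containment: normalize both sides, then require every component
// of the mount root to match. Lexical only; symlinks are not resolved here.
bool safe_contains(const std::string& root, const std::string& path) {
    if (path.empty() || path[0] != '/') return false;        // absolute paths only
    if (path.find('\0') != std::string::npos) return false;  // reject embedded NUL
    const std::vector<std::string> r = normalize(root);
    const std::vector<std::string> p = normalize(path);
    if (p.size() < r.size()) return false;
    for (std::size_t i = 0; i < r.size(); ++i)
        if (r[i] != p[i]) return false;  // whole-component match, not substring
    return true;
}
```

Comparing whole components also rejects sibling directories such as `/home/user/share-private`, which a string prefix test accepts. Because the normalization is purely lexical, a server that follows symlinks still has to resolve them before applying the check or enforce containment at open time.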
Affected products:
Canonical Multipass
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-49238
https://github.com/canonical/multipass/security/advisories/GHSA-rhp2-23c4-r34w
This article was created with the assistance of AI technology by Perceptive.
