CVE-2026-48113: Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
Authenticated chisel clients can bypass --authfile ACL restrictions and tunnel traffic to arbitrary destinations reachable from the server. The ACL is enforced only during the initial handshake against declared remotes, but never on subsequent SSH channels that carry actual traffic. A malicious client authenticates with a permitted remote, then opens channels to any host:port it wants.
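The enforcement gap described above, modeled as an added Go example (this is not chisel's code): the ACL type, Session, Handshake and OpenChannel are assumed names, and the --authfile style regular-expression allow-list is only an illustration of the shape such an ACL takes. The mitigation is the last function, which repeats the ACL decision on every channel open.

```go
package main

import (
	"fmt"
	"regexp"
)

// ACL: per-user allow-list of host:port patterns (an --authfile style model; assumed shape).
type ACL struct{ allowed []*regexp.Regexp }

// NewACL anchors each pattern so it must match the whole destination.
func NewACL(patterns ...string) *ACL {
	acl := &ACL{}
	for _, p := range patterns {
		acl.allowed = append(acl.allowed, regexp.MustCompile("^(?:"+p+")$"))
	}
	return acl
}

// Permits reports whether dst is on the allow-list.
func (a *ACL) Permits(dst string) bool {
	for _, re := range a.allowed {
		if re.MatchString(dst) {
			return true
		}
	}
	return false
}

// Session is an authenticated tunnel session that keeps the user's ACL.
type Session struct{ acl *ACL }

// Handshake admits the session only if every declared remote is permitted.
// A server that consults the ACL here and nowhere else has the CVE's flaw:
// the destination carried by each later channel is never checked.
func Handshake(acl *ACL, remotes ...string) (*Session, error) {
	for _, r := range remotes {
		if !acl.Permits(r) {
			return nil, fmt.Errorf("handshake: remote %s denied by ACL", r)
		}
	}
	return &Session{acl: acl}, nil
}

// OpenChannel is the mitigation: re-check the ACL on every channel open, where the destination is used.
func (s *Session) OpenChannel(dst string) error {
	if !s.acl.Permits(dst) {
		return fmt.Errorf("channel to %s denied by ACL", dst)
	}
	return nil
}
```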