Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 25.10 GVfs Critical Code Execution Vulnerability USN-8114-1

ubuntu
Calendar Grey March 23, 2026
Dist Ubuntu Esm H88
Multiple security issues in GVfs were resolved for Ubuntu 22.04, 24.04 LTS, and 25.10. Stay secure with updates.
Several security issues were fixed in GVfs.

Summary

Several security issues were fixed in GVfs.

Software Description:

- gvfs: Userspace virtual file system

Details:

It was discovered that the GVfs FTP backend incorrectly handled IP

addresses and ports returned by passive mode responses. A malicious remote

server could possibly use this issue to help scan for open ports.

(CVE-2026-28295)

It was discovered that the GVfs FTP backend incorrectly handled crafted

file paths. A remote attacker could use this issue to terminate or inject

arbitrary FTP commands, or possibly execute arbitrary code.

(CVE-2026-28296)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  gvfs                            1.57.2-2ubuntu5.1
  gvfs-backends                   1.57.2-2ubuntu5.1

Ubuntu 24.04 LTS
  gvfs                            1.54.4-0ubuntu1~24.04.2
  gvfs-backends                   1.54.4-0ubuntu1~24.04.2

Ubuntu 22.04 LTS
  gvfs                            1.48.2-0ubuntu1.1
  gvfs-backends                   1.48.2-0ubuntu1.1

After a standard system update you need to restart your session to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8114-1

CVE-2026-28295, CVE-2026-28296

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8114-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here