CVE-2026-41324

HIGH

MINI-QWXH-477F-X8JR

Details

CVSS v3: 7.5
NVD published: 2026-04-24 04:16:20
EPSS: <0.1% probability · 12.0th percentile — 2026-04-27
Affected versions: cpe:2.3:a:patrickjuchli:basic-ftp:*:*:*:*:*:node.js:*:*
Summary: basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client.list()`, causing the client process to consume memory until it becomes unstable or crashes. Version 5.3.0 fixes the issue.
Remediation: Not available in our cache.
Exploit info: https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.