CVE-2026-42167

HIGH

OESA-2026-2158 proftpd security update

Details

CVSS v3: 8.1
NVD published: 2026-04-28 23:16:20
EPSS: 5.5% probability · 90.2th percentile — 2026-05-02
Affected versions: Not available in our cache.
Summary: mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.