CVE-2026-42167
CVSS Score
8.1
EPSS Score
12.4%
EPSS Percentile
94th
mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).
| CWE | CWE-89 |
| Vendor | proftpd |
| Product | proftpd |
| Published | Apr 28, 2026 |
| Last Updated | May 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for proftpd proftpd
Be the first to know when new high vulnerabilities affecting proftpd proftpd are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
ProFTPD / ProFTPD
1.3.7b < 1.3.9a
References
proftpd.org: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.10rc1 github.com: https://github.com/proftpd/proftpd/issues/2052 zeropath.com: https://zeropath.com/blog/proftpd-cve-2026-42167-auth-bypass-privesc-rce github.com: https://github.com/ZeroPathAI/proftpd-CVE-2026-42167-poc openwall.com: https://www.openwall.com/lists/oss-security/2026/05/01/4 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/01/4 openwall.com: http://www.openwall.com/lists/oss-security/2026/05/01/13