VDB
CVE-2026-41324
CVE-2026-41324
PUBLISHED
CVSS 7.5 HIGH
basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to `Client.list()`, causing the client process to consume memory until it becomes unstable or crashes. Version 5.3.0 fixes the issue.
EPSS 0.06% · 18.9th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.06%
18.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| patrickjuchli | basic-ftp | * |
Timeline
- Apr 16, 2026 CVE Published
- Apr 24, 2026 PoC Published
- Apr 24, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr url
- https://advisory.splunk.com/advisories/SVD-2026-0512 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0513 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0509 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0510 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0505 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0515 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0507 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0506 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0508 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0504 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0514 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0516 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0501 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0503 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0511 advisory
- https://advisory.splunk.com/advisories/SVD-2026-0502 advisory
- https://www.ibm.com/support/pages/node/7274185 advisory
- https://www.ibm.com/support/pages/node/7274154 advisory
- https://www.ibm.com/support/pages/node/7274180 advisory
…and 8 more