CVE-2026-8328
ADVISORY - nistSummary
The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.
Common Weakness Enumeration (CWE)
ADVISORY - nist
Server-Side Request Forgery (SSRF)
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-8328
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-8328
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-