HIGH
ProFTPD
CVE published 2026-04-28
CVE-2026-42167
CVE-2026-42167 is a remote code execution vulnerability in ProFTPD's mod_sql module. The vulnerability allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands. The affected product is ProFTPD versions before 1.3.9a. The vulnerability has a high severity and requires immediate at [truncated]