HIGH
ProFTPD Project
CVE published 2026-06-24
CVE-2026-35025
CVE-2026-35025 is a high-severity vulnerability in ProFTPD, a popular FTP server software. The vulnerability allows authenticated FTP users to bypass directory access control lists (ACLs) by prefixing paths with /proc/self/root in the RNFR command handler. This enables attackers to perform rename operations on files in DenyAll-protected directories and subsequently retrieve those files. The vulnerability [truncated]