PatchSiren

ProFTPD Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH ProFTPD Project CVE published 2026-06-24

CVE-2026-35025

CVE-2026-35025 is a high-severity vulnerability in ProFTPD, a popular FTP server. It allows authenticated FTP users to bypass directory access control lists (ACLs) by prefixing paths with /proc/self/root in the RNFR command handler. This enables attackers to perform rename operations on files in DenyAll-protected directories and subsequently retrieve those files. The vulnerability [truncated]