PT-2026-34847 · Npm · Basic-Ftp

Maanvader

Published

2026-04-24

Updated

2026-04-28

CVE-2026-41324

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions basic-ftp versions prior to 5.3.0

Description An issue in the Node.js FTP client allows for a denial of service via unbounded memory growth during the processing of directory listings from a remote FTP server. A malicious or compromised server can send an excessively large or infinite listing response to the Client.list() function, leading the client process to consume memory until it crashes or becomes unstable.

Recommendations Update to version 5.3.0.

Exploit

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

CVE-2026-41324

Affected Products

Basic-Ftp

PT-2026-34847 · Npm · Basic-Ftp

CVE-2026-41324

Weakness Enumeration

Related Identifiers

Affected Products

References · 8