CVE-2026-28295
MEDIUM 4.3
Description
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.
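One client-side check for the behaviour described above, as an added example (not GVfs code and not the project's fix): parse the 227 reply and accept the data endpoint only when its address equals the control connection's peer. The helper names `parse_pasv` and `pasv_endpoint_ok` and the sample replies are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a GVfs function): parse "227 ... (h1,h2,h3,h4,p1,p2)".
 * Returns 0 and fills addr (host byte order) and port, or -1 if malformed. */
static int parse_pasv(const char *reply, uint32_t *addr, uint16_t *port)
{
    unsigned v[6];
    char end;
    const char *p;

    if (strncmp(reply, "227", 3) != 0)
        return -1;
    p = strchr(reply, '(');
    if (!p || sscanf(p, "(%3u,%3u,%3u,%3u,%3u,%3u%c",
                     &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &end) != 7
           || end != ')')
        return -1;
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;          /* each field must fit in one octet */
    *addr = (v[0] << 24) | (v[1] << 16) | (v[2] << 8) | v[3];
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* Returns 1 only when the advertised data endpoint is the host the client is
 * already talking to. control_peer is the IPv4 address of the control
 * connection's peer in host byte order (assumed to come from getpeername). */
static int pasv_endpoint_ok(const char *reply, uint32_t control_peer, uint16_t *port)
{
    uint32_t addr;

    if (parse_pasv(reply, &addr, port) != 0 || *port == 0)
        return 0;                /* malformed reply or port 0: refuse */
    return addr == control_peer; /* mismatch: server points us elsewhere */
}

int main(void)
{
    /* Constructed sample: the control connection peer is 203.0.113.10. */
    uint32_t peer = (203u << 24) | (113u << 8) | 10u;
    uint16_t port;
    printf("same host:  %d\n", pasv_endpoint_ok("227 Entering Passive Mode (203,0,113,10,195,80)", peer, &port));
    printf("other host: %d\n", pasv_endpoint_ok("227 Entering Passive Mode (192,168,1,1,0,22)", peer, &port));
    return 0;
}
```

A client can alternatively ignore the advertised address and always connect the data channel to the control connection's peer, using only the port from the reply.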
CVE details
CVSS v3.1 score: 4.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/26/2026
Last modified: 2/27/2026
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-918
References
https://access.redhat.com/security/cve/CVE-2026-28295 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2443004 (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.