CVE-2023-53886

HIGH

Xlight FTP Server 3.9.3.6 - Buffer Overflow

Title source: llm

Description

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.

Exploits (1)

exploitdb WORKING POC
by Yehia Elghaly · python · dos · windows
https://www.exploit-db.com/exploits/51665

Scores

CVSS v3 7.5
EPSS 0.0009
EPSS Percentile 25.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-121, CWE-787
Status published
Products (2)
Xlightftpd/Xlight FTP Server 3.9.3.6
xlightftpd/xlight_ftp_server 3.9.3.6
Published Dec 15, 2025
Tracked Since Feb 18, 2026