EIP-2026-102719

PRE-CVE

ProFTPd 1.2.x - 'STAT' Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102719. PoCs published by Rob klein Gunnewiek.

AI-analyzed exploit summary This script exploits a denial of service vulnerability in ProFTPD by sending multiple STAT commands with deeply nested wildcards, consuming system resources. It requires anonymous or valid FTP credentials to execute the attack.

Description

ProFTPd 1.2.x - 'STAT' Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rob klein Gunnewiek · bashdoslinux

https://www.exploit-db.com/exploits/22079

View Code ZIP pw:eip

This script exploits a denial of service vulnerability in ProFTPD by sending multiple STAT commands with deeply nested wildcards, consuming system resources. It requires anonymous or valid FTP credentials to execute the attack.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: ProFTPD <=1.2.7rc3

Auth required

Prerequisites: FTP access with valid credentials · Network connectivity to the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026