EIP-2026-102744

PRE-CVE

stftp 1.10 - PWD Response Remote Stack Overflow (PoC)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102744. PoCs published by sqlevil.

AI-analyzed exploit summary This is a functional PoC for a stack overflow vulnerability in stftp <= 1.10, triggered by a maliciously crafted PWD response. The exploit sets up a fake FTP server and sends an oversized PWD response to overflow the stack, with a placeholder return address for x64 architecture.

Description

stftp 1.10 - PWD Response Remote Stack Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED
by sqlevil · pythondoslinux
https://www.exploit-db.com/exploits/9264

This is a functional PoC for a stack overflow vulnerability in stftp <= 1.10, triggered by a maliciously crafted PWD response. The exploit sets up a fake FTP server and sends an oversized PWD response to overflow the stack, with a placeholder return address for x64 architecture.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: stftp <= 1.10
No auth needed
Prerequisites: Network access to target · Target must connect to attacker's FTP server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026