EIP-2026-115944

PRE-CVE

Nofeel FTP Server 3.6 - 'CWD' Remote Memory Consumption

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115944. PoCs published by His0k4.

AI-analyzed exploit summary This exploit targets Nofeel FTP Server V3.6 by sending a continuous loop of 'cwd()' commands after authentication, causing remote memory consumption (DoS). The code establishes an FTP connection, authenticates with hardcoded credentials, and then floods the server with commands.

Description

Nofeel FTP Server 3.6 - 'CWD' Remote Memory Consumption

Exploits (1)

exploitdb WORKING POC VERIFIED

by His0k4 · pythondoswindows

https://www.exploit-db.com/exploits/7756

View Code ZIP pw:eip

This exploit targets Nofeel FTP Server V3.6 by sending a continuous loop of 'cwd()' commands after authentication, causing remote memory consumption (DoS). The code establishes an FTP connection, authenticates with hardcoded credentials, and then floods the server with commands.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Nofeel FTP Server V3.6

Auth required

Prerequisites: Network access to the FTP server · Valid or default credentials (USER: test, PASS: ftp)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026