EIP-2026-116603

PRE-CVE

Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116603. PoCs published by storm.

AI-analyzed exploit summary This Perl script exploits a remote buffer overflow in Xlight FTP Server by sending an excessively long PASS command. The vulnerability allows an attacker to potentially execute arbitrary code or crash the service.

Description

Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by storm · perldoswindows

https://www.exploit-db.com/exploits/23468

View Code ZIP pw:eip

This Perl script exploits a remote buffer overflow in Xlight FTP Server by sending an excessively long PASS command. The vulnerability allows an attacker to potentially execute arbitrary code or crash the service.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Xlight FTP Server versions 1.41 and prior

No auth needed

Prerequisites: Network access to the target FTP server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026