EIP-2026-116605

PRE-CVE

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-116605. PoCs published by bzyo.

AI-analyzed exploit summary This PoC demonstrates a buffer overflow vulnerability in Xlight FTP Server v3.8.8.5 (x86/x64) by generating a crash file with a specific number of 'A' characters. The exploit triggers a crash when pasted into vulnerable fields in the application's configuration.

Description

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by bzyo · pythondoswindows

https://www.exploit-db.com/exploits/43135

View Code ZIP pw:eip

This PoC demonstrates a buffer overflow vulnerability in Xlight FTP Server v3.8.8.5 (x86/x64) by generating a crash file with a specific number of 'A' characters. The exploit triggers a crash when pasted into vulnerable fields in the application's configuration.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Xlight FTP Server v3.8.8.5 (x86/x64)

Auth required

Prerequisites: Access to Xlight FTP Server configuration interface · Ability to paste arbitrary input into vulnerable fields

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026