ROOT-APP-NPM-CVE-2026-39983 CVE-2026-39983 in @rootio/basic-ftp - Patched by Root

Root has patched CVE-2026-39983 in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...

CVE-2026-39983 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, code-server, langfuse...

CVE-2026-39983 vulnerabilities

Vulnerabilities for packages: langfuse, code-server, opensearch-dashboards-fips, langfuse-fips, opensearch-dashboards, kibana, wazuh-dashboard...

Linux Distros Unpatched Vulnerability : CVE-2026-39983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15989098...

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15953339...