Linux Distros Unpatched Vulnerability : CVE-2026-44240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...

Linux Distros Unpatched Vulnerability : CVE-2026-41324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +26 more potentially affected by CVE-2026-41324 via basic-ftp (>=5.0.2 <=5.2.2)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =1.0.5 - @neurarank/node-sftp =0.4.3 and more Source cves: CVE-2026-41324 Source advisory: SNYK:JS-BASICFTP-16094986...

Allocation of Resources Without Limits or Throttling

Overview basic-ftp is a FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and Typescript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the StringWriter method. An attacker can cause excessive memory consumption and...

CVE-2026-39983

A flaw was found in basic-ftp, an FTP client for Node.js. A remote attacker can exploit this vulnerability by injecting Carriage Return Line Feed CRLF sequences into file path parameters used by high-level APIs. This allows the attacker to split a single intended FTP command into multiple command...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +25 more potentially affected by CVE-2026-39983 via basic-ftp (>=5.0.2 <=5.1.0)

basic-ftp NPM version =5.0.2, =0.2.6, =1.0.0, =1.0.0, =2.0.18, =1.9.2, =1.2.0, =4.6.0-blowfish, =1.0.3, =1.0.4, =0.1.1, =0.2.0 and more Source cves: CVE-2026-39983 Source advisory: SNYK:JS-BASICFTP-15989098...

@activeboxes/piece-sftp (=0.2.6), @activepieces/piece-apify (=0.2.1) +183 more potentially affected by CVE-2026-27699 via basic-ftp (>=2.16.0 <=5.1.0)

basic-ftp NPM version =2.16.0, =0.2.6, =0.2.0, =0.7.0, =0.3.0, =3.0.0, =1.0.0, =1.1.0, =2.0.0, =1.0.0, =1.1.0, =1.0.0, =1.5.1 - @digitranslab/piece-sftp =0.2.6 and more Source cves: CVE-2026-27699 Source advisory: OSV:GHSA-5RQ4-664W-9X2C...