CVE-2026-53994
ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...