Home
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C 10.0.14393.0 (custom) before 10.0.14393.9339
affected
10.0.17763.0 (custom) before 10.0.17763.9020
affected
10.0.19044.0 (custom) before 10.0.19044.7548
affected
10.0.19045.0 (custom) before 10.0.19045.7548
affected
10.0.22631.0 (custom) before 10.0.22631.7376
affected
10.0.22631.0 (custom) before 10.0.22631.7376
affected
10.0.26100.0 (custom) before 10.0.26100.8875
affected
10.0.26200.0 (custom) before 10.0.26200.8875
affected
10.0.28000.0 (custom) before 10.0.28000.2269
affected
10.0.17763.0 (custom) before 10.0.17763.9020
affected
10.0.17763.0 (custom) before 10.0.17763.9020
affected
10.0.20348.0 (custom) before 10.0.20348.5386
affected
10.0.26100.0 (custom) before 10.0.26100.33158
affected
10.0.26100.0 (custom) before 10.0.26100.33158
affected
Description
Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network.
Problem types
CWE-122: Heap-based Buffer Overflow
Product status
References
msrc.microsoft.com/update-guide/vulnerability/CVE-2026-49172 (Windows FTP Service Remote Code Execution Vulnerability)