CVE-2026-6265 | THREATINT

Description

Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1

PUBLISHED Reserved 2026-04-14 | Published 2026-04-27 | Updated 2026-04-27 | Assigner NCSC-FI

HIGH: 7.3CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-278 Insecure preserved inherited permissions

Product status

Default status

unaffected

Any version

affected

2026.1

unaffected

Credits

Sharan Patil with Reversec finder

References

labs.reversec.com/...erus-ftp-server-elevation-of-privileges exploit

www.cerberusftp.com/releasenotes/ release-notes

labs.reversec.com/...erus-ftp-server-elevation-of-privileges third-party-advisory

cve.org (CVE-2026-6265)

nvd.nist.gov (CVE-2026-6265)

Download JSON