What is CVE-2026-28295?

A medium-severity vulnerability exists in the FTP GVfs backend, allowing a malicious FTP server to exploit untrusted PASV responses. Organizations should prioritize patching to mitigate potential risks.

What is the severity of CVE-2026-28295?

CVE-2026-28295 has a severity rating of MEDIUM with a CVSS base score of 4.3.

CVE-2026-28295 | Medium Vulnerability in FTP GVfs Backend

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network. The CVSS score for this vulnerability is 4.3, indicating a medium-severity risk that organizations should take seriously.

Risk to organizations includes potential exposure of internal resources as the compromised client could connect to untrusted endpoints. This vulnerability can allow attackers to map the network and identify exploitable services. Therefore, organizations should address this issue in their patch management cycle.

As of the current status, this vulnerability is labeled as 'Deferred.' There are no confirmed public exploits available, which may reduce immediate threat levels. However, organizations should remain vigilant as unpatched vulnerabilities can lead to significant security breaches.

Organizations should prioritize patching immediately to mitigate the risks associated with this vulnerability and ensure their systems are secured against potential exploitation.

Vulnerability Details

The vulnerability identified as CVE-2026-28295 affects the FTP GVfs backend. It allows a malicious FTP server to provide untrusted PASV responses, leading to potential information disclosure. The CVSS v3.1 score is 4.3, categorized as medium severity. The flaw can be classified under CWE-918, which involves insufficient validation of input from a remote server.

Technical Analysis

The root cause of this vulnerability lies in the FTP GVfs backend's handling of PASV responses, where it does not validate the provided IP addresses and ports. Attackers can exploit this by crafting a malicious FTP server that responds with arbitrary endpoints, leading the client to connect to potentially harmful locations.

The attack vector is network-based, with low attack complexity. No privileges are required for exploitation, but user interaction is necessary, as the client must initiate a connection. The impact on confidentiality is low, while integrity and availability are not affected.

Risk & Impact Analysis

The real-world deployment risk of this vulnerability is significant, especially in environments where FTP protocols are widely used. The potential for network probing can lead to unauthorized access to sensitive information, making this a critical issue for organizations.

Organizations should assess their exposure to this vulnerability, particularly if they utilize FTP services extensively. The urgency for remediation is classified as medium, indicating that it should be addressed in the upcoming patch cycle to mitigate risks.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected by this vulnerability.

Mitigation & Remediation

Organizations should apply available patches as soon as they are released. If a patch is not available, ensure that configurations are hardened to restrict untrusted FTP connections. Monitoring network traffic for unusual connections may also help in identifying potential exploitation attempts.

For a comprehensive approach to security, organizations may consider engaging in penetration testing to validate their defenses against this and other vulnerabilities.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual connection attempts to FTP servers, particularly those that involve unexpected PASV responses. Behavioral anomalies in network traffic patterns can indicate malicious activities.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2026-28295 highlights the risks associated with untrusted input in network protocols. This vulnerability represents a pattern of insufficient validation, emphasizing the need for security teams to implement rigorous input validation and network controls.

Organizations are encouraged to review their security practices and adopt a proactive stance towards vulnerabilities that may arise from similar issues. For further insights on managing vulnerabilities and strengthening security, organizations can refer to resources on vulnerability management and penetration testing methodology to enhance their security posture.

Finally, organizations should stay updated on evolving threats and ensure that their security measures adapt accordingly.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-28295: Medium Vulnerability in FTP GVfs Backend