CVE-2026-8328: FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address

Overview

Severity
N/A
Exploit Status
Not Exploited
Patch Tuesday
2026-May
Released
2026-05-17
Last Updated
2026-06-28
EPSS Score
0.40% (percentile: 31.9%)

Affected Products (4)

Other

  • 21379-17084
  • 21492-17084
  • 21021-17084

Open Source Software

  • azl3 python3 3.12.9-10 on Azure Linux 3.0

Revision History

  • 2026-05-17: Information published.
  • 2026-05-18: Information published.
  • 2026-05-19: Information published.
  • 2026-06-03: Information published.
  • 2026-06-03: Information published.
  • 2026-06-28: Information published.