CVE-2026-8328: FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address
Overview
- Severity
- N/A
- Exploit Status
- Not Exploited
- Patch Tuesday
- 2026-May
- Released
- 2026-05-17
- Last Updated
- 2026-06-28
- EPSS Score
- 0.40% (percentile: 31.9%)
Affected Products (4)
Other
- 21379-17084
- 21492-17084
- 21021-17084
Open Source Software
- azl3 python3 3.12.9-10 on Azure Linux 3.0
Revision History
- 2026-05-17: Information published.
- 2026-05-18: Information published.
- 2026-05-19: Information published.
- 2026-06-03: Information published.
- 2026-06-03: Information published.
- 2026-06-28: Information published.