VYPR
High severity7.5NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-41324

CVE-2026-41324

Description

basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list(), causing the client process to consume memory until it becomes unstable or crashes. Version 5.3.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
basic-ftpnpm
< 5.3.05.3.0

Affected products

25

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.