Shodan
Vulnerabilities
Vulnerable Software
Patrickjuchli:  >> Basic-Ftp  Security Vulnerabilities
CVE-2026-27699
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.
CVSS Score
9.1
EPSS Score
0.0
Published
2026-02-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved