NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-8328

Summary	The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and passes the raw attacker-controllable IP address and port to target.sendport(). This patch is related to CVE-2021-4189.
Publication Date	May 14, 2026, 6:16 a.m.
Registration Date	May 15, 2026, 4:23 a.m.
Last Update	May 15, 2026, 1:21 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/python/cpython/issues/87451	cna@python.org
2	https://github.com/python/cpython/pull/149648	cna@python.org
3	https://mail.python.org/archives/list/security-announce@python.org/thread/ITF2BAPBQEPYK3LDMPRSY435JGNHYNDP/	cna@python.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-918	サーバサイドリクエストフォージェリ	https://cwe.mitre.org/data/definitions/918.html