Heap-based Buffer Overflow in Windows FTP Service by Microsoft
CVE-2026-49172

9.8CRITICAL

What is CVE-2026-49172?

The vulnerability in the Windows FTP Service is a heap-based buffer overflow that enables an unauthorized attacker to execute arbitrary code remotely over a network. This exploit can lead to significant security risks, allowing attackers to potentially take control of affected systems. It is crucial for users to apply the necessary security updates to mitigate this risk adequately.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9339

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.9020

Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7548

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.