Insecure Inherited Permissions in Cerberus FTP Server by Cerberus FTP Software
CVE-2026-6265

7.3 HIGH

Key Information:

Vendor: Cerberus

CVE Published: 27 April 2026

What is CVE-2026-6265?

Cerberus FTP Server has insecure inherited permissions in Windows environments that attackers can exploit, potentially enabling privilege escalation. Users and administrators running the affected versions of the server are exposed. The issue is addressed in version 2026.1, so upgrading to that version is crucial to mitigate the risk.

Affected Version(s)

Cerberus FTP Server Windows 0 <= 2025.4.2

Cerberus FTP Server Windows 2026.1

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sharan Patil with Reversec