CVE-2026-44240: CWE-400: Uncontrolled Resource Consumption in patrickjuchli basic-ftp
basic-ftp versions prior to 5. 3. 1 contain a vulnerability that allows a malicious FTP server to cause client-side denial of service by sending an unterminated multiline response during the initial FTP banner phase. This causes uncontrolled resource consumption in the client, potentially leading to process crashes or service degradation. The issue is fixed in version 5. 3. 1.
AI Analysis
Technical Summary
The basic-ftp Node.js client before version 5.3.1 is vulnerable to uncontrolled resource consumption (CWE-400) due to improper handling of FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial banner phase, causing the client to repeatedly append data into an internal buffer and reparse it without limits. This leads to excessive memory and CPU usage, resulting in denial of service conditions such as process crashes, container OOM kills, or service degradation. The vulnerability is addressed in basic-ftp version 5.3.1.
Potential Impact
Exploitation allows a malicious FTP server to cause a denial of service on clients using vulnerable versions of basic-ftp by exhausting memory and CPU resources. This can disrupt applications that automatically connect to FTP servers, causing process-level crashes, container restarts, or queue backlogs. There is no impact on confidentiality or integrity, only availability.
Mitigation Recommendations
Upgrade basic-ftp to version 5.3.1 or later, where this vulnerability is fixed. Patch status is confirmed by the vulnerability description indicating the fix in 5.3.1. No other mitigations are indicated.
CVE-2026-44240: CWE-400: Uncontrolled Resource Consumption in patrickjuchli basic-ftp
Description
basic-ftp versions prior to 5. 3. 1 contain a vulnerability that allows a malicious FTP server to cause client-side denial of service by sending an unterminated multiline response during the initial FTP banner phase. This causes uncontrolled resource consumption in the client, potentially leading to process crashes or service degradation. The issue is fixed in version 5. 3. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The basic-ftp Node.js client before version 5.3.1 is vulnerable to uncontrolled resource consumption (CWE-400) due to improper handling of FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial banner phase, causing the client to repeatedly append data into an internal buffer and reparse it without limits. This leads to excessive memory and CPU usage, resulting in denial of service conditions such as process crashes, container OOM kills, or service degradation. The vulnerability is addressed in basic-ftp version 5.3.1.
Potential Impact
Exploitation allows a malicious FTP server to cause a denial of service on clients using vulnerable versions of basic-ftp by exhausting memory and CPU resources. This can disrupt applications that automatically connect to FTP servers, causing process-level crashes, container restarts, or queue backlogs. There is no impact on confidentiality or integrity, only availability.
Mitigation Recommendations
Upgrade basic-ftp to version 5.3.1 or later, where this vulnerability is fixed. Patch status is confirmed by the vulnerability description indicating the fix in 5.3.1. No other mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-05T15:42:40.519Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0392cfcbff5d861018bb8f
Added to database: 5/12/2026, 8:51:27 PM
Last enriched: 5/12/2026, 9:06:36 PM
Last updated: 5/12/2026, 9:58:35 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.