This vulnerability in Cerberus FTP Server on Windows arises from insecure handling of inherited permissions, which can be exploited to escalate privileges. The CVE-2026-6265 vulnerability is identified as CWE-278, indicating that the software improperly preserves inherited permissions, potentially allowing a lower-privileged user to gain elevated privileges. The CVSS 4.0 vector indicates that exploitation requires local access with low attack complexity, partial privileges, and user interaction, but results in high impact on confidentiality, integrity, availability, and security requirements. The vendor has addressed this issue in version 2026.1 of Cerberus FTP Server.

Successful exploitation of this vulnerability allows a local user with limited privileges to escalate their privileges on the affected system, potentially leading to unauthorized access to sensitive data or system functions. The high CVSS score reflects the significant impact on system security if exploited. There are no known exploits in the wild at this time.

The vulnerability has been resolved in Cerberus FTP Server version 2026.1. Users should upgrade to this version or later to remediate the issue. Since no official patch links or vendor advisory details are provided, confirm the upgrade availability and instructions from Cerberus official channels. No additional mitigation guidance is specified.