CVE-2026-49172
Microsoft · Windows
A heap-based buffer overflow in the Windows FTP Service allows an unauthenticated attacker to execute arbitrary code over a network.
Executive summary
A critical heap-based buffer overflow in the Windows FTP Service enables unauthenticated remote code execution, posing a severe threat to system security.
Vulnerability
The Windows FTP Service contains a heap-based buffer overflow (CWE-122). An unauthenticated attacker can exploit this via the network to execute code, bypassing authentication requirements.
Business impact
With a CVSS score of 9.8, this vulnerability represents a high-priority risk. Successful exploitation could result in a complete loss of confidentiality, integrity, and availability, potentially allowing attackers to install malware or pivot into sensitive internal network segments.
Remediation
Immediate Action: Update the affected Windows operating systems to the versions specified in the vendor security advisory to remediate the buffer overflow.
Proactive Monitoring: Audit FTP service logs for malformed requests or unexpected connection resets that could indicate an attempt to trigger the overflow.
Compensating Controls: If patching is delayed, disable the FTP service or restrict access to the FTP port (typically 21) using a firewall to prevent network-based exploitation.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
This vulnerability demands immediate attention due to the ease with which an attacker can exploit the FTP service. Ensure all systems are updated to the latest build versions provided by Microsoft to eliminate this critical attack vector.