CVE-2021-47865 HIGH

CVE-2021-47865: ProFTPD 1.3.7a - Remote Denial of Service

Vendor Proftpd
Product ProFTPD
Weakness CWE-770 · Uncontrolled resource consumption
Published January 21, 2026
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

Key dates

02Disclosure timeline

January 21, 2026 CVE published
April 7, 2026 Record updated