CVE-2026-41324: basic-ftp vulnerable to denial of service via unbounded memory consumption in Client.list()
basic-ftp@5.2.2 is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list(), causing the client process to consume memory until it becomes unstable or crashes.
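The failure mode described above and the general shape of a defence against it, as an added example. This is not basic-ftp's code or its patch; `BoundedListingBuffer`, `ListingTooLargeError`, `readListing`, `endlessListing` and the byte cap are hypothetical names and values chosen for illustration, and the listing lines are constructed sample data.

```javascript
// Added illustration, not basic-ftp source. All names below are hypothetical.
class ListingTooLargeError extends Error {
  constructor(limit) {
    super(`directory listing exceeded ${limit} bytes`);
    this.name = "ListingTooLargeError";
    this.limit = limit;
  }
}

// Accumulates listing data from a data connection, refusing to grow past maxBytes.
class BoundedListingBuffer {
  constructor(maxBytes) {
    this.maxBytes = maxBytes;
    this.size = 0;
    this.chunks = [];
  }
  append(chunk) {
    // Check before storing, so the buffer never holds more than maxBytes.
    if (this.size + chunk.length > this.maxBytes) {
      this.chunks = []; // release what was held so far
      this.size = 0;
      throw new ListingTooLargeError(this.maxBytes);
    }
    this.chunks.push(chunk);
    this.size += chunk.length;
  }
  toString() { return Buffer.concat(this.chunks, this.size).toString("utf8"); }
}

// Constructed stand-in for a hostile server: yields listing lines without end.
function* endlessListing() {
  for (let i = 0; ; i++) {
    yield Buffer.from(`-rw-r--r-- 1 ftp ftp 0 Jan 01 00:00 file${i}.txt\r\n`);
  }
}

// Reads chunks until the source ends or the cap trips, and reports which happened.
function readListing(source, maxBytes) {
  const buf = new BoundedListingBuffer(maxBytes);
  let chunksRead = 0;
  try {
    for (const chunk of source) { chunksRead++; buf.append(chunk); }
    return { aborted: false, chunksRead, text: buf.toString() };
  } catch (err) {
    if (!(err instanceof ListingTooLargeError)) throw err;
    // In a real client, this is the point to destroy the data socket.
    return { aborted: true, chunksRead, text: "" };
  }
}
```

Without the size check in `append`, the loop over `endlessListing()` never returns and memory grows with every chunk, which is the behaviour the advisory describes.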