CVE-2026-28296
Received Received - Intake
CRLF Injection in GVfs FTP Backend Enables Remote Code Execution

Publication date: 2026-02-26

Last updated on: 2026-02-26

Assigner: Red Hat, Inc.

Description
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-28296
EUVD
EUVD-2026-8861
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnome gvfs to 2.11.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-93 The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the GVfs FTP backend on Linux systems. It occurs because the backend does not properly sanitize file paths supplied by users that contain carriage return and line feed (CRLF) sequences.

An attacker can exploit this by crafting file paths with embedded CRLF sequences, which prematurely terminate the intended FTP command and allow injection of arbitrary FTP commands.

This means the attacker can execute arbitrary FTP commands on the server, potentially leading to arbitrary code execution or other severe impacts.

Impact Analysis

[{'type': 'paragraph', 'content': 'The vulnerability allows a remote attacker to inject arbitrary FTP commands by exploiting unsanitized file paths containing CRLF sequences.'}, {'type': 'paragraph', 'content': 'This can lead to arbitrary code execution or other serious impacts on the affected system.'}, {'type': 'paragraph', 'content': "Since the attacker can control FTP commands, they might manipulate files, disrupt services, or gain unauthorized access depending on the server's configuration and permissions."}] [1]

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the injection of arbitrary FTP commands via specially crafted file paths containing CRLF sequences in the GVfs FTP backend. Detection can focus on monitoring FTP traffic for unusual or unexpected FTP commands that may indicate command injection.

You can inspect FTP traffic on your network using packet capture tools like tcpdump or Wireshark to look for FTP commands containing carriage return and line feed sequences within file paths.

  • Use tcpdump to capture FTP traffic: tcpdump -i <interface> -s 0 -w ftp_traffic.pcap port 21
  • Analyze the captured traffic with Wireshark or tshark to filter FTP commands and check for CRLF sequences in file paths.
  • On the affected system, check logs or debug output of GVfs FTP backend for suspicious file path inputs containing CRLF sequences.
Mitigation Strategies

Since the vulnerability arises from unsanitized file paths containing CRLF sequences in the GVfs FTP backend, immediate mitigation steps include restricting or monitoring the use of GVfs FTP backend and avoiding the use of untrusted file paths.

You should consider disabling or limiting the GVfs FTP backend functionality if possible until a patch or fix is available.

Additionally, monitor FTP traffic for suspicious commands and restrict network access to trusted users to reduce the risk of exploitation.

Keep an eye on official updates or patches from your Linux distribution or GVfs maintainers to apply fixes once available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-28296. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart