CVE-2026-49172
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-49172, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Heap-based buffer overflow in Windows FTP Service allows an unauthorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_ftp_service *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-49172 is a heap-based buffer overflow vulnerability in the Windows FTP Service. This flaw allows an unauthorized attacker to execute arbitrary code over a network without requiring any privileges or user interaction.

A heap-based buffer overflow occurs when a program writes more data to a buffer than it can hold, corrupting memory. In this case, the vulnerability exists in the Windows FTP Service, which could be exploited by sending specially crafted input to the service.

The CVSS v3.1 score for this vulnerability is 9.8, indicating a critical severity with high impacts on confidentiality, integrity, and availability.

Impact Analysis

If you are using a system with the Windows FTP Service enabled, this vulnerability could have severe consequences.

  • Remote Code Execution: An attacker could exploit this vulnerability to execute malicious code on your system, potentially taking full control of it.
  • Unauthorized Access: Since the attack does not require authentication or user interaction, an attacker could gain access to sensitive data or systems without your knowledge.
  • System Compromise: The attacker could install malware, steal data, or disrupt services, leading to operational downtime or data breaches.

The high CVSS score (9.8) reflects the potential for significant damage, including complete system compromise.

Compliance Impact

This vulnerability could have serious implications for compliance with various standards and regulations, depending on the affected systems and data.

  • GDPR: If the Windows FTP Service is used to handle personal data of EU citizens, exploitation of this vulnerability could lead to unauthorized access or data breaches. GDPR requires organizations to implement appropriate security measures to protect personal data, and a failure to patch this vulnerability could result in non-compliance, fines, or legal action.
  • HIPAA: For organizations in the healthcare sector, if the FTP service is used to transmit or store protected health information (PHI), this vulnerability could lead to a breach of PHI. HIPAA mandates the protection of PHI, and exploitation of this flaw could result in violations, penalties, or loss of certification.
  • Other Standards: Compliance frameworks like ISO 27001, NIST, or PCI DSS require organizations to maintain secure systems and protect against known vulnerabilities. Failure to address this vulnerability could result in non-compliance with these standards, leading to audits, fines, or loss of business partnerships.

Organizations should prioritize patching this vulnerability to avoid potential compliance violations and associated risks.

Detection Guidance

Detection of CVE-2026-49172 involves checking for the presence of the vulnerable Windows FTP Service and verifying if it is exposed to unauthorized network access.

  • Check if the Windows FTP Service is running on your system. You can use the following command in PowerShell or Command Prompt: sc query ftpsvc
  • Verify if the service is accessible from unauthorized networks. Use network scanning tools like Nmap to check for open FTP ports (typically port 21): nmap -p 21 <target_IP>
  • Review system logs for unusual FTP connection attempts or failed authentication logs, which may indicate exploitation attempts.
  • Check for updates or patches applied to the Windows FTP Service. Use the following command to list installed updates: wmic qfe list
Mitigation Strategies

To mitigate CVE-2026-49172, follow these immediate steps:

  • Apply the latest security update from Microsoft for the Windows FTP Service. Refer to the Microsoft Update Guide for CVE-2026-49172 for patch details.
  • If patching is not immediately possible, disable the Windows FTP Service to prevent exploitation. Use the following command: sc stop ftpsvc && sc config ftpsvc start= disabled
  • Restrict network access to the FTP service by configuring firewalls to allow connections only from trusted IP addresses.
  • Monitor network traffic for suspicious activity targeting FTP ports and investigate any anomalies.
  • Enable logging for FTP connections to detect potential exploitation attempts and review logs regularly.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49172. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart