wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
Loading...
Loading...
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
November 30, 2001
April 16, 2026
Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.
Working exploit code is in the public domain (2 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
WU-FTPD 2.6.1 - Remote Command Execution
Open source ↗WU-FTPD 2.6 - File Globbing Heap Corruption
Open source ↗See which npm, PyPI, Go, and Maven packages are affected by CVE-2001-0550
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.