CVE-2026-44331: SQL Injection

Published May 5, 2026

In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the attacker-supplied hostname is passed unescaped into SQL queries. The character restrictions of DNS names may affect exploitability.

Affected Software

1 affected component:
ProFTPD, versions <= 1.3.9a, before commit 7666224

Event History

May 5, 2026
07:41 PM: CVE published via MITRE
07:41 PM: Data sourced via MITRE (Description, Severity, Weakness)
08:16 PM: Data sourced via NVD (Description, Severity, Weakness)
Frequently Asked Questions

1. What is the severity of CVE-2026-44331?

CVE-2026-44331 is a critical SQL injection vulnerability that can allow remote attackers to execute arbitrary SQL commands.

2. How do I fix CVE-2026-44331?

To fix CVE-2026-44331, update ProFTPD to a build that includes commit 7666224; releases through 1.3.9a without that commit remain affected.

3. What does CVE-2026-44331 affect?

CVE-2026-44331 affects ProFTPD versions up to and including 1.3.9a prior to commit 7666224.

4. How can CVE-2026-44331 be exploited?

CVE-2026-44331 can be exploited by an attacker who injects SQL commands through a crafted domain name that the server resolves during a reverse DNS lookup.

5. What configuration setting is critical in CVE-2026-44331?

The critical configuration setting is 'UseReverseDNS': the vulnerability is reachable only when 'UseReverseDNS on' is enabled.