A critical SQL injection vulnerability in ProFTPD’s mod_sql extension, tracked as CVE-2026-42167, that enables remote code execution, authentication bypass, and privilege escalation in some configurations, exploitable before authentication. MITRE has rated the flaw 8.1 on the CVSSv3 severity scale, and a patch is available in ProFTPD version 1.3.9a, released on April 27, 2026. ProFTPD refers to one of the most […] The post ProFTPD SQL Injection Flaw Enables Remote Code Execution appeared first on Cyber Security News.