Product
An authenticated SFTP user can trigger a heap-based buffer overflow in ProFTPD's mod_sftp module (CVE-2026-53994) by sending a malformed SFTP packet, leading to an integer underflow, an undersized buffer allocation, and subsequent heap corruption, which results in a reliable remote denial of service.