FileZilla
cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*
- <= 3.40.0
A denial-of-service vulnerability has been identified in FileZilla version 3.40.0. This issue arises in the local search feature, where a local attacker can crash the application by providing a malformed path string. The crash is triggered by entering a path that includes 384 'A' characters followed by 'BBBB' and 'CCCC' sequences in the search directory field, and then starting a local search operation.
Exploitation of this vulnerability leads to a crash of the FileZilla application, causing a denial-of-service condition.
The vulnerability can be reproduced by entering a crafted path into the search directory field of the local search functionality. The path must consist of 384 'A' characters followed by 'BBBB' and 'CCCC' sequences. Once the path is entered, initiating the local search operation will cause the application to crash.