CVE-2026-28296 - Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in fi...

CVE ID : CVE-2026-28296 Published : Feb. 26, 2026, 3:10 p.m. | 48 minutes ago Description : A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...