Xlight FTP Server is a high-performance, easy-to-use FTP server that supports secure transfers and multiple sessions. It provides robust capabilities, including granular user and IP-based access control, session monitoring and control, and support for various authentication methods. It also offers extensive logging, FTP over SSL/TLS, and advanced features like SFTP (SSH2), UPnP NAT traversal, and IPv6 support.

Xlight FTP Server

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-46483	CRITICAL	9.8	Xlight FTP Server	cpe:2.3:a:xlightftpd:xlight_ftp_server	No	Yes	Oct 22, 2024
CVE-2024-0737	HIGH	7.5	Xlight FTP Server	cpe:2.3:a:xlightftpd:xlight_ftp_server	No	No	Jan 19, 2024
CVE-2009-4795	MEDIUM	6.8	Xlight FTP Server	cpe:2.3:a:xlightftpd:xlight_ftp_server	No	No	Apr 22, 2010
CVE-2010-2695	MEDIUM	6.5	Xlight FTP Server	cpe:2.3:a:xlightftpd:xlight_ftp_server	No	No	Jul 12, 2010
CVE-2023-53886	MEDIUM	5.1	Xlight FTP Server	cpe:2.3:a:xlightftpd:xlight_ftp_server	No	No	Dec 15, 2025

CVE-2023-53886:
Xlight FTP Server vulnerability analysis and mitigation

5.1

Related Xlight FTP Server vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2023-53886: Xlight FTP Server vulnerability analysis and mitigation