Auth bypass in Froxlor
CVE-2026-41235
Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers d…
Vulnerability class: Broken Access Control
Affected products
- Froxlor — versions = 2.3.6