Drakkan Sftpgo
8 CVEs affecting Drakkan Sftpgo. Latest disclosed: 2026-03-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-36071 | High | 8.3 | 2022-09-02 | SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time… |
CVE-2025-24366 | High | 7.5 | 2025-02-07 | SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default command… |
CVE-2022-39220 | Medium | 6.1 | 2022-09-20 | SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing rem… |
CVE-2024-37897 | Medium | 5.4 | 2024-06-20 | SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient s… |
CVE-2026-30915 | | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. SFTPGo versions before v2.7.1 contain an input validation issue in the handling of dynamic group… | |
CVE-2026-30914 | | 2026-03-13 | SFTPGo is an open source, event-driven file transfer solution. In SFTPGo versions prior to 2.7.1, a path normalization discrepancy between the protocol handler… | |
CVE-2024-52801 | | 2024-11-29 | sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implem… | |
CVE-2024-52309 | | 2024-11-21 | SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo… |