CVE-2026-8328 Overview
CVE-2026-8328 is a Server-Side Request Forgery (SSRF) vulnerability in the Python standard library ftplib module. The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was remediated. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address from getpeername()[0], ftpcp() still calls parse227() directly. The function passes the raw attacker-controllable IP address and port to target.sendport(), enabling redirection of FTP data connections to arbitrary hosts. The flaw is categorized under CWE-918.
Critical Impact
A malicious FTP server can coerce a Python client using ftpcp() to initiate data transfers to attacker-chosen internal or external hosts, enabling SSRF against internal services.
Affected Products
- Python CPython Lib/ftplib.py — ftpcp() function
- Applications and scripts that invoke ftplib.FTP.ftpcp() for server-to-server FTP copy
- Python distributions that did not extend the CVE-2021-4189 fix to ftpcp()
Discovery Timeline
- 2026-05-13 - CVE-2026-8328 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-8328
Vulnerability Analysis
The Python ftplib module supports server-to-server file copy via the ftpcp() helper. This routine opens a passive data connection on one FTP server and instructs a second server to connect to it using the PORT command. The original CVE-2021-4189 patch hardened makepasv() to discard attacker-supplied addresses returned in 227 responses, substituting the actual TCP peer address. The same hardening was never applied to ftpcp(). As a result, a hostile source FTP server can return a crafted 227 reply containing an arbitrary IP address and port, which ftpcp() forwards verbatim to the destination server through sendport().
Root Cause
The root cause is incomplete remediation of CVE-2021-4189. ftpcp() invokes parse227() on the source server response and uses the resulting tuple without validation. Because the value is never reconciled against the established socket's peer address, the trust boundary between the FTP control channel and the data channel target is broken.
Attack Vector
Exploitation requires a victim to initiate an FTP copy via ftpcp() against a malicious source server, satisfying the User Interaction (UI:A) requirement in the CVSS vector. The malicious server responds to a PASV request with a 227 reply pointing at an internal host, such as a metadata service or internal management interface. The victim's Python process then directs the destination FTP server to open a data connection to that target. This produces an SSRF primitive that can reach hosts otherwise unreachable from the attacker. The vulnerability impacts integrity (VI:H) by allowing arbitrary data to be pushed to non-FTP services that tolerate FTP banner traffic. Technical details are documented in GitHub Issue #87451 and Pull Request #149648.
Detection Methods for CVE-2026-8328
Indicators of Compromise
- Outbound FTP PORT commands issued by Python processes that reference internal RFC1918 addresses or cloud metadata IPs such as 169.254.169.254.
- 227 PASV responses from external FTP servers containing host octets that do not match the established TCP peer address.
- Unexpected TCP connections from FTP servers to internal services on non-FTP ports.
Detection Strategies
- Inspect FTP control traffic at egress points and alert when 227 response addresses diverge from the connected server IP.
- Audit Python applications for calls to ftplib.FTP.ftpcp() and instrument them to log parsed PASV tuples.
- Correlate process telemetry showing python executing ftplib with outbound connections to sensitive internal CIDRs.
Monitoring Recommendations
- Enable network flow logging on hosts that perform automated FTP transfers and baseline expected destinations.
- Monitor cloud metadata endpoints for anomalous source processes, especially Python interpreters.
- Capture and review FTP PORT/EPRT commands forwarded to destination servers for non-routable or sensitive targets.
How to Mitigate CVE-2026-8328
Immediate Actions Required
- Inventory all uses of ftplib.FTP.ftpcp() across internal codebases and CI pipelines.
- Restrict outbound FTP traffic from application hosts to known, trusted FTP endpoints only.
- Apply the upstream CPython patch from Pull Request #149648 once released in your Python version stream.
Patch Information
The fix extends the CVE-2021-4189 mitigation to ftpcp() by validating that the address returned by parse227() matches the FTP control connection's peer address before passing it to sendport(). Track distribution-specific Python package updates and the Python Security Announcement Thread for backport availability.
Workarounds
- Avoid ftpcp() and implement server-to-server copy logic that explicitly validates the PASV host against the source server's peer address.
- Wrap ftpcp() calls with a custom override of parse227() that discards the supplied IP and substitutes self.sock.getpeername()[0].
- Use SFTP or HTTPS-based file transfer protocols for untrusted source servers, eliminating the FTP data channel trust issue entirely.
# Egress firewall example: restrict Python FTP clients to a known server allowlist
iptables -A OUTPUT -m owner --uid-owner appuser -p tcp --dport 21 -d 203.0.113.10 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner appuser -p tcp --dport 21 -j REJECT
# Block access to cloud metadata from application host
iptables -A OUTPUT -d 169.254.169.254 -j REJECT
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
