A vulnerability marked as critical has been reported in ProFTPD up to 1.3.9 . The affected element is an unknown function of the component mod_sql . This manipulation of the argument User causes Remote Code Execution. This vulnerability is handled as CVE-2026-42167 . The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.