CVE-2023-40044 — Progress WS_FTP Server

known ransomware use

Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability

Added to KEV

2023-10-05

Federal due date

2023-10-26

Vendor

Progress

Product

WS_FTP Server

EPSS

100.0th percentile (score 0.944, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Known

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2023-40044

CISA short description

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.