CISA Adds Critical CrushFTP Vulnerability to KEV Catalog

Cybersecurity, Vulnerabilities, Exploits, Authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting CrushFTP to its Known Exploited Vulnerabilities (KEV) catalog following reports confirming active exploitation. The vulnerability allows an unauthenticated attacker to bypass authentication and take control of vulnerable instances. The flaw was recently disclosed and involves an authentication failure.