Verified — ProFTPD ACL bypass via /proc/self/root path prefix in RNFR
Severity HIGH
Confidence HIGH
Reproduced in 88m 18s
Tool calls 258
Spend $3.79
Affected ProFTPD through 1.3.9b and through 1.3.10rc2
$
pruva-verify REPRO-2026-00193 or
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00193/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh Run in a VM or disposable container. This exploits a real vulnerability.
CVE-2026-35025
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.
bundle/repro/ftp-root/public/leaked.txt0.1 KBbundle/repro/proftpd.group0.0 KBbundle/repro/artifacts/ftp_exploit_output.txt4.7 KBbundle/repro/proftpd.conf1.0 KBbundle/repro/runtime_manifest.json0.7 KBbundle/repro/ftp_exploit.py3.7 KBbundle/repro/proftpd.passwd0.2 KBbundle/repro/validation_verdict.json0.7 KBbundle/ticket.json1.7 KBbundle/ticket.md0.9 KBbundle/logs/proftpd.log3.6 KBbundle/logs/reproduction_steps.log532.9 KBbundle/logs/dele_variant_patched_test.log0.5 KBbundle/logs/proftpd_patched_variant.log3.7 KBbundle/logs/proftpd_dele_patched.log3.7 KBbundle/logs/proftpd_dele.log3.6 KBbundle/logs/proftpd_patched_configure.log21.0 KBbundle/logs/proftpd_vuln_variant.log3.7 KBbundle/logs/proftpd_patched_build.log26.0 KBbundle/logs/variant_reproduction_steps.log1.9 KBbundle/logs/dele_variant_test.log3.6 KBbundle/repro/reproduction_steps.sh12.9 KBbundle/repro/rca_report.md7.7 KBbundle/coding/logs/proftpd_build.log4.5 KBbundle/coding/logs/proftpd_verify.log3.7 KBbundle/coding/proposed_fix.diff0.7 KBbundle/coding/summary_report.md4.7 KBbundle/coding/verify_env/ftp-root/protected/secret.txt0.0 KBbundle/coding/verify_env/ftp-root/protected/secret2.txt0.0 KBbundle/coding/verify_env/ftp-root/public/file_renamed.txt0.0 KBbundle/coding/verify_env/proftpd.conf1.1 KBbundle/coding/verify_env/proftpd.group0.0 KBbundle/coding/verify_env/proftpd.passwd0.2 KBbundle/coding/verify_fix.sh6.7 KBbundle/vuln_variant/patch_analysis.md5.9 KBbundle/vuln_variant/rca_report.md8.1 KBbundle/vuln_variant/reproduction_steps.sh9.5 KBbundle/vuln_variant/root_cause_equivalence.json1.6 KBbundle/vuln_variant/runtime_manifest.json0.9 KBbundle/vuln_variant/source_identity.json1.0 KBbundle/vuln_variant/test_dele_patched.sh5.1 KBbundle/vuln_variant/test_dele_variant.sh4.5 KBbundle/vuln_variant/validation_verdict.json1.0 KBbundle/vuln_variant/variant_manifest.json2.7 KB