A vulnerability classified as problematic has been found in Monsta Limited of New Zealand Monsta FTP up to 2.14.4. Affected by this issue is the function isBlockedIP of the component IP Blocklist Handler. Performing a manipulation of the argument URL results in server-side request forgery.

This vulnerability was named CVE-2026-60105. The attack may be initiated remotely. There is no available exploit.