In August 2024, researchers found that FileCatalyst used a publicly known static password for its internal database during setup. If this database is left reachable, it provides a direct entry point for attackers. Broader Context: The MFT Attack Trend Cerberus FTP Server 5 steps to prevent file transfer data breaches
Beyond the initial RCE discovery, further vulnerabilities have been identified that could facilitate unauthorized access: filecatalyst+hack