6 Million FTP Servers Remain Exposed in 2026, Censys Reports
Severity: Medium (Score: 51.9)
Sources: Cybersecuritynews, Gbhackers
Summary
As of April 2026, a report from Censys reveals that nearly 6 million internet-facing hosts are still operating the outdated File Transfer Protocol (FTP). This represents a 40% decrease from the 10.1 million servers identified in 2024, indicating some progress in reducing exposure risks. However, the persistence of these servers poses significant security vulnerabilities, primarily due to misconfigurations and default settings on various platforms. The report highlights that the ongoing use of FTP is not limited to dedicated file transfer systems but includes a dangerous accumulation of default configurations across numerous applications. Organizations relying on these exposed servers may face potential data breaches and unauthorized access. The situation remains critical as the outdated protocol continues to be a target for attackers. Security professionals are urged to assess their infrastructure and mitigate risks associated with FTP exposure. Key Points: • Nearly 6 million FTP servers are still exposed as of April 2026. • This marks a 40% decline from 10.1 million servers in 2024. • Misconfigurations and platform defaults are major contributors to FTP vulnerabilities.