{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "network_service",
  "evidence_scope": "production_path",
  "claimed_impact_class": "access_control_bypass_file_rename_and_retrieval",
  "observed_impact_class": "authz_bypass_file_deletion",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "DELE path argument prefixed with /proc/self/root",
  "trigger_path": "ProFTPD DELE command handler (core_dele) -> dir_canonical_path() -> dir_check()",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false,
  "notes": "This is a confirmed bypass of the proposed/upstream RNFR-only fix. The same /proc/self/root prefix that bypasses Directory ACLs in RNFR also bypasses them in DELE, and the DELE variant still succeeds after the proposed patch is applied to core_rnfr()."
}
