Unrelated but also a CVE that popped up for ProFTPd: https://www.openwall.com/lists/oss-security/2026/05/01/4
What's interesting is that their website is also down right now. These seem like special-timed DDos attacks so maintainers cannot communicate the issue well.
I suspect there are very few real setups affected by that proftpd bug.
Nobody is ddosing anything to cover it up.