
CVE-2026-40606

Published 21/04/2026 18:16 · Modified 22/04/2026 21:24

Labels: CVE-2026-40606, 2026-04-21, CWE-90, [email protected]

Essential information

Published
21/04/2026 18:16
Modified
22/04/2026 21:24
Author
Creator
CVSS
4.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-90 (Improper Neutralization of Special Elements used in an LDAP Query, 'LDAP Injection')
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N


Description

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the built-in LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.
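The description states that the username reaches the LDAP query without sanitization, which is the CWE-90 pattern: user-controlled text concatenated into an LDAP search filter can change the filter's structure instead of being matched as a literal value. The Python example below is added here and is not mitmproxy's code; it shows the unsafe concatenation beside a version that escapes the value per RFC 4515 before building the filter, plus a structural check a defender can apply to the final filter string. The function names, the `uid` attribute, and the sample usernames are constructed assumptions.

```python
# Added example (not mitmproxy's code): building an LDAP search filter from an
# untrusted username, unsafe and safe variants. Attribute name and function
# names are hypothetical.

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
# The backslash is listed first so it is never double-escaped.
LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_unsafe(username: str, uid_attr: str = "uid") -> str:
    """Unsafe pattern (CWE-90): the username is concatenated verbatim, so
    filter metacharacters in it become part of the filter grammar."""
    return f"({uid_attr}={username})"


def build_user_filter(username: str, uid_attr: str = "uid") -> str:
    """Safe pattern: metacharacters are escaped before concatenation, so the
    filter always asserts equality against the literal username."""
    return f"({uid_attr}={escape_ldap_filter_value(username)})"


def filter_is_single_equality(ldap_filter: str, uid_attr: str) -> bool:
    """Defence-in-depth check on the finished filter: it must be exactly one
    '(attr=value)' assertion whose value contains no raw metacharacters."""
    prefix = f"({uid_attr}="
    if not (ldap_filter.startswith(prefix) and ldap_filter.endswith(")")):
        return False
    value = ldap_filter[len(prefix):-1]
    # A correctly escaped value never contains raw '*', '(', ')' or NUL.
    return not any(ch in value for ch in "*()\x00")


if __name__ == "__main__":
    # Constructed sample usernames: one benign, one carrying filter syntax.
    for name in ("alice", "ali*ce(x)"):
        unsafe = build_user_filter_unsafe(name)
        safe = build_user_filter(name)
        print(f"{name!r}: unsafe={unsafe!r} ok={filter_is_single_equality(unsafe, 'uid')}")
        print(f"{name!r}:   safe={safe!r} ok={filter_is_single_equality(safe, 'uid')}")
```

The structural check is deliberately narrow: it accepts only the one filter shape the authentication path is supposed to produce, so anything that escaped the escaping step is refused before a bind or search is attempted. In a real deployment the escaping step should come from the LDAP client library rather than be hand-rolled; for example, the `ldap3` package exposes `ldap3.utils.conv.escape_filter_chars` for this purpose.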

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product                 CPE
mitmproxy / mitmproxy   cpe:2.3:a:mitmproxy:mitmproxy:12.2.1:*:*:*:*:*:*:*
mitmproxy / mitmweb     cpe:2.3:a:mitmproxy:mitmweb:12.2.1:*:*:*:*:*:*:*
