PT-2026-33226 · Mitmproxy · Mitmproxy

Published 2026-04-14 · Updated 2026-04-26 · CVE-2026-40606

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: mitmproxy versions prior to 12.2.2
Description: The built-in LDAP proxy authentication fails to correctly sanitize the username before using it in the query sent to the LDAP server. This allows a malicious client to bypass authentication. The issue only affects instances that use the proxyauth option with LDAP, which is not enabled by default.
Recommendations: Update to version 12.2.2 or above. As a temporary workaround, disable the proxyauth option with LDAP to minimize the risk of exploitation.
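An added example (not mitmproxy's own code) of the sanitization the description refers to: the client-supplied username is hex-escaped per RFC 4515 before it is embedded in an LDAP search filter, and a small check confirms the resulting filter is a single literal equality assertion. The attribute name uid and the sample usernames are assumptions.

```python
# Added example, not mitmproxy code: escape an untrusted username before
# building an LDAP search filter (RFC 4515), and verify the result.

# RFC 4515 filter metacharacters and their backslash-hex escapes.
_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_HEX = "0123456789abcdefABCDEF"


def escape_filter_value(value: str) -> str:
    """Return `value` with every RFC 4515 metacharacter hex-escaped."""
    return "".join(_SPECIAL.get(ch, ch) for ch in value)


def build_user_filter(username: str, attr: str = "uid") -> str:
    """Safe pattern: the username can only ever match as a literal string."""
    return f"({attr}={escape_filter_value(username)})"


def build_user_filter_unsafe(username: str, attr: str = "uid") -> str:
    """Unsafe pattern (what the advisory describes): raw interpolation, so
    metacharacters in the username change the meaning of the filter."""
    return f"({attr}={username})"


def filter_is_single_literal_equality(flt: str, attr: str = "uid") -> bool:
    """Guard for unit tests: True only if `flt` is exactly one (attr=value)
    assertion whose value contains no unescaped metacharacters."""
    prefix, suffix = f"({attr}=", ")"
    if not (flt.startswith(prefix) and flt.endswith(suffix)):
        return False
    value = flt[len(prefix):-len(suffix)]
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            # An escape must be a backslash followed by exactly two hex digits.
            hexpart = value[i + 1:i + 3]
            if len(hexpart) != 2 or any(c not in _HEX for c in hexpart):
                return False
            i += 3
            continue
        if ch in "*()\x00":
            return False
        i += 1
    return True


if __name__ == "__main__":
    for name in ("alice", "al*ce"):  # constructed sample usernames
        print(build_user_filter(name), filter_is_single_literal_equality(build_user_filter(name)))
```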

Related Identifiers

CVE-2026-40606
GHSA-527G-3W9M-29HV
OPENSUSE-SU-2026:10622-1
PYSEC-2026-92

Affected Products

Mitmproxy