PT-2026-37108 · Ckan+2 · Ckan
Published: 2026-04-29 · Updated: 2026-05-13 · CVE-2026-41132
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
CKAN versions prior to 2.10.10
CKAN versions prior to 2.11.5
Description
The configured SMTP server may be spoofed using any certificate, such as a self-signed one. This allows for Man-in-the-Middle (MITM) attacks, where an attacker intercepts communication between two parties, potentially exposing credentials and all transmitted emails.
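The weak and the corrected TLS client settings for an SMTP connection, side by side, as an added example. It is not CKAN's code or its patch. It assumes a Python mail client built on the standard `smtplib` and `ssl` modules, and the function names are hypothetical.

```python
import smtplib
import ssl
from typing import List, Optional


def unverified_context() -> ssl.SSLContext:
    """Weak setting: the session is encrypted but any certificate is accepted.
    smtplib's starttls() behaves this way when no context is passed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed certificate passes
    return ctx


def verified_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened setting: chain validation against trusted CAs plus hostname check.
    cafile may point at a private CA bundle for an internal mail relay."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the reasons a context would accept a spoofed server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server name")
    return findings


def send_mail(host, port, user, password, msg, cafile=None):
    """Send msg over STARTTLS, refusing to log in to an unverified server."""
    ctx = verified_context(cafile)
    if audit_context(ctx):
        raise RuntimeError("refusing to use a non-verifying TLS context")
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        # Raises ssl.SSLCertVerificationError for an untrusted or mismatched cert.
        smtp.starttls(context=ctx)
        smtp.login(user, password)   # credentials go out only after verification
        smtp.send_message(msg)


if __name__ == "__main__":
    print("weak:    ", audit_context(unverified_context()))
    print("hardened:", audit_context(verified_context()))
```

`audit_context` can also be pointed at the context an existing application passes to `starttls()` to confirm that both checks are on.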
Recommendations
Update to version 2.10.10.
Update to version 2.11.5.
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Ckan