{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40606", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-14T14:07:59.642Z", "datePublished": "2026-04-21T17:43:21.041Z", "dateUpdated": "2026-04-21T17:43:21.041Z"}, "containers": {"cna": {"title": "ProxyAuth Addon LDAP Injection in mitmproxy", "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "lang": "en", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv"}], "affected": [{"vendor": "mitmproxy", "product": "mitmproxy", "versions": [{"version": "< 12.2.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-21T17:43:21.041Z"}, "descriptions": [{"lang": "en", "value": "mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above."}], "source": {"advisory": "GHSA-527g-3w9m-29hv", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above."}], "id": "CVE-2026-40606", "lastModified": "2026-04-21T18:16:52.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-21T18:16:52.127", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-527g-3w9m-29hv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,12.2.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "mitmproxy", "source": "cna", "vendor": "mitmproxy"}, "product": "mitmproxy", "vendor": "mitmproxy"}], "analysis": {"en": {"generated_at": "2026-04-22T05:38:03.610840+00:00", "value": {"mitigation_remediation": ["Upgrade mitmproxy to version 12.2.2 or later to apply the LDAP input sanitization fix.", "If LDAP-based proxyauth is not required, disable the proxyauth option in the configuration to eliminate the attack surface.", "Monitor proxy logs and network traffic for suspicious LDAP queries or unauthorized authentication attempts to detect potential exploitation attempts."], "summary": {"action": "Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "mitmproxy, an interactive TLS\u2011capable intercepting HTTP proxy used by penetration testers and developers. Any instance that has the proxyauth option with LDAP enabled and is running version 12.2.1 or earlier is affected. Versions 12.2.2 and later contain the fix and are not vulnerable.", "description_and_impact": "The vulnerability exists in mitmproxy versions 12.2.1 and earlier; the built\u2011in LDAP proxy authentication does not correctly sanitize the username field, allowing an LDAP injection that enables a malicious client to bypass authentication when the proxyauth option is enabled. This flaw permits an attacker to authenticate as any user and gain access to intercept traffic and potentially privileged actions within the tool.", "risk_and_exploitability": "The CVSS base score is 4.8, reflecting moderate risk. EPSS is not available and the vulnerability is not listed in CISA KEV. The attack vector is remote; an attacker who can send crafted LDAP queries to the proxy can exploit the flaw and authenticate as any user, gaining unauthorized access to intercepted data and the proxy\u2019s internal functionality."}}}}, "created": "2026-04-22T03:30:06.543917+00:00", "updated": "2026-04-22T05:45:09.824780+00:00", "vendors": ["mitmproxy", "mitmproxy$PRODUCT$mitmproxy"]}