UBUNTU-CVE-2026-40606

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-40606

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-40606

Upstream

CVE-2026-40606

Published

2026-04-21T18:16:00Z

Modified

2026-05-20T16:25:40.468067500Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above.

References

Affected packages

Ubuntu:16.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.3-3

0.12.1-2

0.13-1

0.15-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "0.15-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:18.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.2-2

2.0.2-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "2.0.2-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:20.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.4-6

4.0.4-6.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "4.0.4-6.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:22.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "6.0.2-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:24.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "8.1.1-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:25.10

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1-2

8.1.1-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "8.1.1-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"

Ubuntu:26.04:LTS

mitmproxy

Package

Name: mitmproxy
Purl: pkg:deb/ubuntu/mitmproxy?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1-3

8.1.1-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "mitmproxy",
            "binary_version": "8.1.1-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40606.json"