ГлавнаяУязвимости → CVE-2026-41132
7.4высокая

CVE-2026-41132

Описание

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5.

Затрагиваемое ПО
Okfn Ckan
CVSS
Балл7.4 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647q