CKAN CVE-2026-41132

MEDIUM
Improper Certificate Validation (CWE-295)
2026-04-29 https://github.com/ckan/ckan GHSA-mpfm-fpgx-647q

Lifecycle Timeline

Source Code Evidence Fetched: Apr 29, 2026 - 20:59 (vuln.today)
Analysis Generated: Apr 29, 2026 - 20:59 (vuln.today)

Description (NVD)

Impact

The configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks.

Patches

The vulnerability has been patched in CKAN 2.10.10 and CKAN 2.11.5.

Analysis (AI)

CKAN fails to validate SMTP server certificates, allowing attackers to spoof the configured mail server with any certificate including self-signed ones and intercept SMTP credentials and email content via man-in-the-middle attack. Versions below 2.10.10 and 2.11.0 through 2.11.4 are affected. …
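
As an added illustration (not CKAN's code and not taken from the advisory), the sketch below shows this class of defect in a Python SMTP client built on the standard-library smtplib and ssl modules: a TLS context with verification disabled beside a verified one, and a guard that refuses to send credentials over the former. The function names, the default port and the error text are assumptions of this example.

```python
import smtplib
import ssl


def weak_context():
    """Failure mode: the session is encrypted but the server is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, self-signed included, passes
    return ctx


def verified_context(cafile=None):
    """Chain validation against the system CA store (or cafile) plus hostname matching."""
    return ssl.create_default_context(cafile=cafile)


def audit_context(ctx):
    """Return the reasons a context would accept a spoofed mail server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server hostname")
    return findings


def open_smtp(host, port=587, user=None, password=None, ctx=None, timeout=10):
    """STARTTLS session that never reaches login() over an unauthenticated channel."""
    ctx = ctx if ctx is not None else verified_context()
    problems = audit_context(ctx)
    if problems:  # checked before any socket is opened
        raise ValueError("refusing to send SMTP credentials: " + "; ".join(problems))
    conn = smtplib.SMTP(host, port, timeout=timeout)
    try:
        conn.starttls(context=ctx)   # handshake fails on an untrusted or mismatched cert
        conn.ehlo()
        if user is not None:
            conn.login(user, password)
    except Exception:
        conn.close()
        raise
    return conn


if __name__ == "__main__":
    print("weak:", audit_context(weak_context()))
    print("verified:", audit_context(verified_context()))
```

Passing the context explicitly matters because smtplib's `starttls()` and `SMTP_SSL` fall back to a non-verifying context when none is supplied.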
