VYPR
High severity · 7.4 · GHSA Advisory · Published May 13, 2026 · Updated May 15, 2026

CVE-2026-41132

Description

CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package        Affected versions       Patched versions
ckan (PyPI)    >= 2.11.0, < 2.11.5     2.11.5
ckan (PyPI)    < 2.10.10               2.10.10

Affected products

3
  • Ckan/Ckan (GHSA, 2 versions)
    < 2.10.10 (+ 1 more)
    • (no CPE), range: < 2.10.10
    • cpe:2.3:a:okfn:ckan:*:*:*:*:*:*:*:*, range: < 2.10.10
  • ghsa-coords
    Range: >= 2.11.0, < 2.11.5
