2026-02-06 22:40 | CVE-2026-25644 | GitHub_M
PUBLISHED | CVE record format 5.2 | CWE-295

DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade

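DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to a man-in-the-middle (MITM) attack through TLS downgrade. The CNA scores the issue at CVSS 3.1 base score 7.5 (High), with the impact rated on confidentiality only. This issue has been patched in version 1.3.1.8.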

Problem type

CWE-295: Improper Certificate Validation

Affected products

datahub-project

datahub

< 1.3.1.8 - AFFECTED

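References

https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5 (vendor advisory, x_refsource_CONFIRM)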

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-25644
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-25644",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-02-06T22:40:12.552Z",
    "dateReserved": "2026-02-04T05:15:41.791Z",
    "datePublished": "2026-02-06T22:40:12.552Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-02-06T22:40:12.552Z"
      },
      "title": "DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade",
      "descriptions": [
        {
          "lang": "en",
          "value": "DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8."
        }
      ],
      "affected": [
        {
          "vendor": "datahub-project",
          "product": "datahub",
          "versions": [
            {
              "version": "< 1.3.1.8",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-295: Improper Certificate Validation",
              "cweId": "CWE-295",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5",
          "name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH"
          }
        }
      ]
    }
  }
}