CVE-2026-41132— CKAN: No certificate validation on STMP connection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41132
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CKAN: No certificate validation on STMP connection
Source: NVD (National Vulnerability Database)
Vulnerability Description
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in 2.10.10 and 2.11.5.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
CKAN 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CKAN是CKAN开源的一个开源 DMS(数据管理系统)。用于为数据中心和数据门户提供动力。 CKAN 2.10.10之前版本和2.11.5之前版本存在信任管理问题漏洞,该漏洞源于配置的SMTP服务器可能被任何证书欺骗,导致凭据和所有发送的电子邮件暴露于中间人攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41132
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41132
请登录查看更多情报信息。
- https://github.com/ckan/ckan/security/advisories/GHSA-mpfm-fpgx-647qx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-41132
Same Patch Batch · ckan · 2026-05-13 · 4 CVEs total
| CVE-2026-41255 | 6.1 MEDIUM | CKAN: CSRF exemption primed by anonymous requests |
| CVE-2026-42032 | CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql` | |
| CVE-2026-42031 | CKAN: Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql` |
IV. Related Vulnerabilities
Same product: ckan
- CVE-2026-42032
CKAN: Unauthenticated Authorization Bypass in `datastore_sea - CVE-2026-41255
CKAN: CSRF exemption primed by anonymous requests - CVE-2026-42031
CKAN: Unauthenticated SQL Injection and Authorization Bypass - CVE-2025-64100
CKAN Vulnerable to Session Cookie Fixation - CVE-2025-54384
CKAN stored XSS vulnerability in Markdown description fields
Same vendor: ckan
- CVE-2026-42032
CKAN: Unauthenticated Authorization Bypass in `datastore_sea - CVE-2026-41255
CKAN: CSRF exemption primed by anonymous requests - CVE-2026-42031
CKAN: Unauthenticated SQL Injection and Authorization Bypass - CVE-2025-64100
CKAN Vulnerable to Session Cookie Fixation - CVE-2025-54384
CKAN stored XSS vulnerability in Markdown description fields
Same weakness: CWE-295
- CVE-2026-44700
Elixir WebRTC: Missing DTLS peer fingerprint validation in e - CVE-2026-23998
Fleet has a Windows MDM management endpoint authentication b - CVE-2026-32992
cPanel 信任管理问题漏洞 - CVE-2026-44363
Unsafe remote resource fetching in expansion misp-modules - CVE-2026-0248
Prisma Access Agent: Improper Certificate Validation Vulnera
V. Comments for CVE-2026-41132
No comments yet