Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVE-2026-55568 (GCVE-0-2026-55568)
Vulnerability from cvelistv5 – Published: 2026-06-23 14:54 – Updated: 2026-06-23 15:44
VLAI
Title
Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext
Summary
Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD) are sent without encryption, and the CONNECT target host and port for tunneled HTTPS requests are exposed. The built-in cURL handlers (GuzzleHttp\Handler\CurlHandler and GuzzleHttp\Handler\CurlMultiHandler, used by default whenever the PHP cURL extension is available) accept an https:// proxy. libcurl older than 7.50.2 silently treats an https:// proxy as a plaintext http:// proxy. The TLS connection to the proxy is never established, and the proxy leg is cleartext with no error or warning. An application is affected when it sends requests through one of the built-in cURL handlers, configures an https:// proxy expecting the proxy connection itself to be encrypted, and runs with libcurl older than 7.50.2. This vulnerability is fixed in 7.12.1.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/guzzle/guzzle/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T15:44:34.695690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:44:40.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "guzzle",
"vendor": "guzzle",
"versions": [
{
"status": "affected",
"version": "\u003c 7.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPT_PROXYUSERPWD) are sent without encryption, and the CONNECT target host and port for tunneled HTTPS requests are exposed. The built-in cURL handlers (GuzzleHttp\\Handler\\CurlHandler and GuzzleHttp\\Handler\\CurlMultiHandler, used by default whenever the PHP cURL extension is available) accept an https:// proxy. libcurl older than 7.50.2 silently treats an https:// proxy as a plaintext http:// proxy. The TLS connection to the proxy is never established, and the proxy leg is cleartext with no error or warning. An application is affected when it sends requests through one of the built-in cURL handlers, configures an https:// proxy expecting the proxy connection itself to be encrypted, and runs with libcurl older than 7.50.2. This vulnerability is fixed in 7.12.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T14:54:23.655Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3"
}
],
"source": {
"advisory": "GHSA-wpwq-4j6v-78m3",
"discovery": "UNKNOWN"
},
"title": "Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55568",
"datePublished": "2026-06-23T14:54:23.655Z",
"dateReserved": "2026-06-16T23:11:20.214Z",
"dateUpdated": "2026-06-23T15:44:40.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6066 (GCVE-0-2026-6066)
Vulnerability from cvelistv5 – Published: 2026-04-20 15:26 – Updated: 2026-04-20 16:13
VLAI
Title
Unencrypted Client‑Server Communication in ConnectWise Automate™ Solution Center
Summary
ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network‑based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext transmission of sensitive information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ConnectWise | Automate |
Affected:
All versions prior to 2026.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:12:51.126302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:13:06.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Solution Center"
],
"product": "Automate",
"vendor": "ConnectWise",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2026.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ConnectWise has released a security update for ConnectWise Automate\u2122 that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network\u2011based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections."
}
],
"value": "ConnectWise has released a security update for ConnectWise Automate\u2122 that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur without transport-layer encryption. This could allow network\u2011based interception of Solution Center traffic in Automate deployments. The issue has been resolved in Automate 2026.4 by enforcing secure communication for affected Solution Center connections."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117 Interception"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext transmission of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:26:31.843Z",
"orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"shortName": "ConnectWise"
},
"references": [
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/2026-04-20-connectwise-automate-bulletin"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cb\u003eRemediation\u003c/b\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cu\u003eCloud:\u003c/u\u003e\u0026nbsp;\u003cspan\u003eNo action is required.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003e\u003cu\u003eOn-Premise:\u003c/u\u003e\u0026nbsp;\u003c/span\u003e\u003cspan\u003eApply the 2026.4 release.\u003c/span\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eFor instruction on updating to the newest release, please\nreference this doc: \u003ca href=\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/100/Automate_Release_Notes_Version_2026\"\u003eAutomate Release Notes Version 2026 - ConnectWise\u003c/a\u003e \u003c/p\u003e\u003cp\u003eAfter applying the update, on-premises customers must\nensure the following configurations are in place:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAn SSL certificate is bound to the Solution\nCenter on port 8484 to establish secure communication. Refer to the ConnectWise documentation for configuration steps: \u003ca href=\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/070/270/Solution_Center_Client_and_Service_HTTPS_Update\"\u003eSolution Center Client and\nService HTTPS Update - ConnectWise\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003cspan\u003eIn some environments, antivirus or endpoint\nprotection products may interfere with the Automate patch installer or service\nbehavior during upgrades. If issues are encountered during installation or\nstartup, refer to the ConnectWise documentation for recommended antivirus\nexclusions:\u003c/span\u003e\u003cspan\u003e \u003c/span\u003e\u003ca href=\"https://docs.connectwise.com/ConnectWise_Automate_Documentation/060/040/010\"\u003eAutomate Antivirus Exclusions for Windows\u003c/a\u003e\u003c/li\u003e\u003cli\u003eEnsure that the LTShare has a minimum of 1 GB of\nfree disk space prior to installation.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\n\n\n\n\n\n\n\n\u003c/p\u003e\u003cp\u003eIf you experience issues completing the update or\nrequired configuration steps, please contact \u003ca href=\"mailto:help@connectwise.com\"\u003eConnectWise\nSupport\u003c/a\u003e for assistance.\u003c/p\u003e"
}
],
"value": "Remediation\n\n\n\nCloud:\u00a0No action is required.\u00a0\n\nOn-Premise:\u00a0Apply the 2026.4 release.\n\n\nFor instruction on updating to the newest release, please\nreference this doc: Automate Release Notes Version 2026 - ConnectWise https://docs.connectwise.com/ConnectWise_Automate_Documentation/100/Automate_Release_Notes_Version_2026 \n\nAfter applying the update, on-premises customers must\nensure the following configurations are in place:\n\n\n\n * An SSL certificate is bound to the Solution\nCenter on port 8484 to establish secure communication. Refer to the ConnectWise documentation for configuration steps: Solution Center Client and\nService HTTPS Update - ConnectWise\n * In some environments, antivirus or endpoint\nprotection products may interfere with the Automate patch installer or service\nbehavior during upgrades. If issues are encountered during installation or\nstartup, refer to the ConnectWise documentation for recommended antivirus\nexclusions: Automate Antivirus Exclusions for Windows https://docs.connectwise.com/ConnectWise_Automate_Documentation/060/040/010 \n * Ensure that the LTShare has a minimum of 1 GB of\nfree disk space prior to installation.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nIf you experience issues completing the update or\nrequired configuration steps, please contact ConnectWise\nSupport for assistance."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unencrypted Client\u2011Server Communication in ConnectWise Automate\u2122 Solution Center",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
"assignerShortName": "ConnectWise",
"cveId": "CVE-2026-6066",
"datePublished": "2026-04-20T15:26:31.843Z",
"dateReserved": "2026-04-10T13:19:03.212Z",
"dateUpdated": "2026-04-20T16:13:06.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7610 (GCVE-0-2026-7610)
Vulnerability from cvelistv5 – Published: 2026-05-02 09:15 – Updated: 2026-05-04 13:42 Unsupported When Assigned
VLAI
Title
TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission
Summary
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360567 | vdb-entry |
| https://vuldb.com/vuln/360567/cti | signaturepermissions-required |
| https://vuldb.com/submit/806217 | third-party-advisory |
| https://github.com/IOTRes/IOT_Firmware_Update/blo… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TRENDnet | TEW-821DAP |
Affected:
1.12B01
cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:42:36.242792Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:42:45.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*"
],
"modules": [
"Firmware Update"
],
"product": "TEW-821DAP",
"vendor": "TRENDnet",
"versions": [
{
"status": "affected",
"version": "1.12B01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "IOT_Res (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor explains: \"That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling\". This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-02T09:15:10.757Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360567 | TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/360567"
},
{
"name": "VDB-360567 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360567/cti"
},
{
"name": "Submit #806217 | Trendnet TEW-821DAP v1.12B01 CWE-319: Cleartext Transmission of Sensitive Information",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/806217"
},
{
"tags": [
"patch"
],
"url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Down.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-01T14:13:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "TRENDnet TEW-821DAP Firmware Update ssi cleartext transmission"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7610",
"datePublished": "2026-05-02T09:15:10.757Z",
"dateReserved": "2026-05-01T12:07:37.870Z",
"dateUpdated": "2026-05-04T13:42:45.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7666 (GCVE-0-2026-7666)
Vulnerability from cvelistv5 – Published: 2026-06-03 13:16 – Updated: 2026-06-03 15:43
VLAI
Title
Potential unencrypted email transmission via STARTTLS in the SMTP backend
Summary
An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.
`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake when `fail_silently=True`, which allows on-path network attackers to read email content via cleartext interception.
Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Kasper Dupont for reporting this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://docs.djangoproject.com/en/dev/releases/se… | vendor-advisory |
| https://groups.google.com/g/django-announce | mailing-list |
| https://www.djangoproject.com/weblog/2026/jun/03/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| djangoproject | Django |
Affected:
6.0 , < 6.0.6
(python)
Unaffected: 6.0.6 (python) Affected: 5.2 , < 5.2.15 (python) Unaffected: 5.2.15 (python) |
Date Public
2026-06-03 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T15:43:26.714914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T15:43:34.012Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/Django/",
"defaultStatus": "unaffected",
"packageName": "django",
"product": "Django",
"repo": "https://github.com/django/django/",
"vendor": "djangoproject",
"versions": [
{
"lessThan": "6.0.6",
"status": "affected",
"version": "6.0",
"versionType": "python"
},
{
"status": "unaffected",
"version": "6.0.6",
"versionType": "python"
},
{
"lessThan": "5.2.15",
"status": "affected",
"version": "5.2",
"versionType": "python"
},
{
"status": "unaffected",
"version": "5.2.15",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kasper Dupont"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jake Howard"
},
{
"lang": "en",
"type": "coordinator",
"value": "Natalia Bidart"
}
],
"datePublic": "2026-06-03T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.\u003c/p\u003e\u003cp\u003e\u003ccode\u003edjango.core.mail.backends.smtp.EmailBackend\u003c/code\u003e in Django fails to prevent reuse of a partially-initialized connection after a failed \u003ccode\u003eSTARTTLS\u003c/code\u003e handshake when \u003ccode\u003efail_silently=True\u003c/code\u003e, which allows on-path network attackers to read email content via cleartext interception.\u003c/p\u003e\u003cp\u003eEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\u003c/p\u003e\u003cp\u003eDjango would like to thank Kasper Dupont for reporting this issue.\u003c/p\u003e"
}
],
"value": "An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.\n`django.core.mail.backends.smtp.EmailBackend` in Django fails to prevent reuse of a partially-initialized connection after a failed `STARTTLS` handshake when `fail_silently=True`, which allows on-path network attackers to read email content via cleartext interception.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Kasper Dupont for reporting this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94: Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://docs.djangoproject.com/en/dev/internals/security/#security-issue-severity-levels",
"value": "low"
},
"type": "Django severity rating"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319: Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:16:15.446Z",
"orgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
"shortName": "DSF"
},
"references": [
{
"name": "Django security archive",
"tags": [
"vendor-advisory"
],
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"name": "Django releases announcements",
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/django-announce"
},
{
"name": "Django security releases issued: 6.0.6 and 5.2.15",
"tags": [
"vendor-advisory"
],
"url": "https://www.djangoproject.com/weblog/2026/jun/03/security-releases/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-04-22T00:00:00.000Z",
"value": "Initial report received."
},
{
"lang": "en",
"time": "2026-05-12T00:00:00.000Z",
"value": "Vulnerability confirmed."
},
{
"lang": "en",
"time": "2026-06-03T08:00:00.000Z",
"value": "Security release issued."
}
],
"title": "Potential unencrypted email transmission via STARTTLS in the SMTP backend",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
"assignerShortName": "DSF",
"cveId": "CVE-2026-7666",
"datePublished": "2026-06-03T13:16:15.446Z",
"dateReserved": "2026-05-01T19:59:31.353Z",
"dateUpdated": "2026-06-03T15:43:34.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9741 (GCVE-0-2026-9741)
Vulnerability from cvelistv5 – Published: 2026-06-09 21:56 – Updated: 2026-06-10 13:21
VLAI
Title
Client side encryption fails to encrypt values in a $vectorSearch
Summary
A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-319 - Cleartext transmission of sensitive information
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB | MongoDB Server |
Affected:
8.3.0 , < 8.3.3
(custom)
Affected: 8.2.0 , < 8.2.10 (custom) Affected: 8.0.0 , < 8.0.24 (custom) Affected: 7.0.0 , < 7.0.35 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T13:21:22.665880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T13:21:39.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB",
"versions": [
{
"lessThan": "8.3.3",
"status": "affected",
"version": "8.3.0",
"versionType": "custom"
},
{
"lessThan": "8.2.10",
"status": "affected",
"version": "8.2.0",
"versionType": "custom"
},
{
"lessThan": "8.0.24",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
},
{
"lessThan": "7.0.35",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext."
}
],
"value": "A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of ciphertext."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext transmission of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T21:56:01.111Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-123507"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Client side encryption fails to encrypt values in a $vectorSearch",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2026-9741",
"datePublished": "2026-06-09T21:56:01.111Z",
"dateReserved": "2026-05-27T17:33:47.392Z",
"dateUpdated": "2026-06-10T13:21:39.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Before transmitting, encrypt the data using reliable, confidentiality-protecting cryptographic protocols.
Mitigation
Phase: Implementation
Description:
- When using web applications with SSL, use SSL for the entire session from login to logout, not just for the initial login page.
Mitigation
Phase: Implementation
Description:
- When designing hardware platforms, ensure that approved encryption algorithms (such as those recommended by NIST) protect paths from security critical data to trusted user applications.
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
Mitigation
Phase: Operation
Description:
- Configure servers to use encrypted channels for communication, which may include SSL or other secure protocols.
CAPEC-102: Session Sidejacking
Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
CAPEC-117: Interception
An adversary monitors data streams to or from the target for information gathering purposes. This attack may be undertaken to solely gather sensitive information or to support a further attack against the target. This attack pattern can involve sniffing network traffic as well as other types of data streams (e.g. radio). The adversary can attempt to initiate the establishment of a data stream or passively observe the communications as they unfold. In all variants of this attack, the adversary is not the intended recipient of the data stream. In contrast to other means of gathering information (e.g., targeting data leaks), the adversary must actively position themself so as to observe explicit data channels (e.g. network traffic) and read the content. However, this attack differs from a Adversary-In-the-Middle (CAPEC-94) attack, as the adversary does not alter the content of the communications nor forward data to the intended recipient.
CAPEC-383: Harvesting Information via API Event Monitoring
An adversary hosts an event within an application framework and then monitors the data exchanged during the course of the event for the purpose of harvesting any important data leaked during the transactions. One example could be harvesting lists of usernames or userIDs for the purpose of sending spam messages to those users. One example of this type of attack involves the adversary creating an event within the sub-application. Assume the adversary hosts a "virtual sale" of rare items. As other users enter the event, the attacker records via AiTM (CAPEC-94) proxy the user_ids and usernames of everyone who attends. The adversary would then be able to spam those users within the application using an automated script.
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
An attacker exploits the underlying complexity of a data structure that allows for both signed and unsigned content, to cause unsigned data to be processed as though it were signed data.
CAPEC-65: Sniff Application Code
An adversary passively sniffs network communications and captures application code bound for an authorized client. Once obtained, they can use it as-is, or through reverse-engineering glean sensitive information or exploit the trust relationship between the client and server. Such code may belong to a dynamic update to the client, a patch being applied to a client component or any such interaction where the client is authorized to communicate with the server.