CVE-2026-40193— Maddy Mail Server: LDAP Filter Injection via Unsanitized Username
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40193
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Maddy Mail Server: LDAP Filter Injection via Unsanitized Username
Source: NVD (National Vulnerability Database)
Vulnerability Description
maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap/ldap/v3 library's ldap.EscapeFilter() function being available in the same import. This affects three code paths: the Lookup() filter, the AuthPlain() DN template, and the AuthPlain() filter. An attacker with network access to the SMTP submission or IMAP interface can inject arbitrary LDAP filter expressions through the username field in AUTH PLAIN or LOGIN commands. This enables identity spoofing by manipulating filter results to authenticate as another user, LDAP directory enumeration via wildcard filters, and blind extraction of LDAP attribute values using authentication responses as a boolean oracle or via timing side-channels between the two distinct failure paths. This issue has been fixed in version 0.9.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Maddy Mail Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Maddy Mail Server是俄罗斯Max Mazurov个人开发者的一个可组合的多合一邮件服务器。 Maddy Mail Server 0.9.3之前版本存在安全漏洞,该漏洞源于auth.ldap模块中用户提供的用户名在未进行LDAP过滤器转义的情况下被插入到LDAP搜索过滤器和DN字符串中,可能导致身份欺骗、LDAP目录枚举或通过身份验证响应提取LDAP属性值。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-40193
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40193
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-90
- CVE-2026-40606
ProxyAuth Addon LDAP Injection in mitmproxy - CVE-2026-40459
LDAP Injection in PAC4J - CVE-2026-0636
LDAP Injection Vulnerability in LDAPStoreHelper.java - CVE-2026-39962
LDAP injection in MISP ApacheAuthenticate when using a user- - CVE-2026-34578
OPNsense has an LDAP Injection via Unsanitized Username in A
V. Comments for CVE-2026-40193
No comments yet