Browse all 5 CVE security advisories affecting mitmproxy. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Mitmproxy serves as an interactive HTTPS proxy for intercepting, inspecting, and modifying web traffic, primarily used for debugging and security testing. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure handling of network data. The tool maintains a strong security focus but has faced incidents like CVE-2021-23241, which allowed RCE through crafted certificates. Mitmproxy's architecture requires careful configuration to prevent misuse, as its interception capabilities could be exploited in unauthorized monitoring. Despite these risks, it remains a valuable security tool when properly implemented.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40606 | ProxyAuth Addon LDAP Injection in mitmproxy — mitmproxyCWE-90 | 4.8 | Medium | 2026-04-21 |
| CVE-2025-23217 | Mitmweb API Authentication Bypass Using Proxy Server — mitmproxyCWE-288 | 9.1 | - | 2025-02-06 |
| CVE-2024-38526 | pdoc embeds link to malicious CDN if math mode is enabled — pdocCWE-1395 | - | High | 2024-06-25 |
| CVE-2022-24766 | Insufficient Protection against HTTP Request Smuggling in mitmproxy — mitmproxyCWE-444 | 9.8 | Critical | 2022-03-21 |
| CVE-2021-39214 | Lacking Protection against HTTP Request Smuggling in mitmproxy — mitmproxyCWE-444 | 8.1 | High | 2021-09-16 |
This page lists every published CVE security advisory associated with mitmproxy. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.