DataHub’s LDAP Ingestion Source vulnerable to MITM attack through TLS...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.

Basic Information

ID CVE-2026-25644

Source GitHub_M

Published Feb 6, 2026 at 22:40

Affected Product

Vendor datahub-project

Product datahub

Version < 1.3.1.8

Affected Versions datahub-project datahub < 1.3.1.8

CWE Classification

CWE-295

References

github.com /datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5

{
    "lastseen": "",
    "description": "DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.",
    "published": "2026-02-06T22:40:12.552Z",
    "modified": "2026-02-06T22:40:12.552Z",
    "type": "cve",
    "title": "DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade",
    "source": "GitHub_M",
    "references": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5",
    "id": "CVE-2026-25644",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "datahub-project datahub < 1.3.1.8",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "datahub",
    "version": "< 1.3.1.8",
    "vendor": "datahub-project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

DataHub’s LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade_CVE-2026-25644