{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25644", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-04T05:15:41.791Z", "datePublished": "2026-02-06T22:40:12.552Z", "dateUpdated": "2026-02-09T15:26:23.022Z"}, "containers": {"cna": {"title": "DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade", "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "lang": "en", "description": "CWE-295: Improper Certificate Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5"}], "affected": [{"vendor": "datahub-project", "product": "datahub", "versions": [{"version": "< 1.3.1.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T22:40:12.552Z"}, "descriptions": [{"lang": "en", "value": "DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8."}], "source": {"advisory": "GHSA-j34h-x7qg-4qw5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:21:50.994524Z", "id": "CVE-2026-25644", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:26:23.022Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25644", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:21:50.994524Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:21:51.835Z"}}], "cna": {"title": "DataHub's LDAP Ingestion Source vulnerable to MITM attack through TLS downgrade", "source": {"advisory": "GHSA-j34h-x7qg-4qw5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "datahub-project", "product": "datahub", "versions": [{"status": "affected", "version": "< 1.3.1.8"}]}], "references": [{"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5", "name": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T22:40:12.552Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25644", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:26:23.022Z", "dateReserved": "2026-02-04T05:15:41.791Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T22:40:12.552Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:datahub:datahub:*:*:*:*:*:*:*:*", "matchCriteriaId": "65F176DB-8B6C-4A60-9BAE-A34785A4C8E3", "versionEndExcluding": "1.3.1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8."}], "id": "CVE-2026-25644", "lastModified": "2026-02-20T21:03:18.023", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T23:15:54.077", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:26:25.788248+00:00", "value": {"mitigation_remediation": ["Upgrade DataHub to version 1.3.1.8 or newer to apply the TLS downgrade protection.", "Confirm that the LDAP ingestion connector is configured to enforce strict certificate validation and to use only TLS 1.2 or higher with secure cipher suites.", "Deploy network monitoring to detect abnormal TLS downgrade attempts or unexpected LDAP traffic patterns, and block or alert on such events."], "summary": {"action": "Apply Patch", "impact": "Man\u2011in\u2011the\u2011middle compromise of LDAP traffic"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts the open\u2011source DataHub platform by datahub-project. All installations running any version older than 1.3.1.8 are susceptible; the fix is delivered in version 1.3.1.8 and later.", "description_and_impact": "DataHub versions before 1.3.1.8 contained an LDAP ingestion source that accepts downgraded TLS connections, allowing a man\u2011in\u2011the\u2011middle attacker to intercept or tamper with LDAP traffic. This flaw, classified as CWE\u2011295, permits unauthorized modification or theft of credentials and other metadata exchanged during LDAP queries, thereby undermining both confidentiality and integrity of the data collected by DataHub.", "risk_and_exploitability": "The CVSS score of 7.5 places the weakness in the high\u2011risk category, while the EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. Based on the description, it is inferred that an attacker would need the ability to influence the TLS handshake of the LDAP ingestion connector, which typically requires network access to the DataHub service or a compromised LDAP server."}}}}, "created": "2026-02-09T10:45:11.038607+00:00", "updated": "2026-04-18T13:30:45.748893+00:00", "vendors": ["datahub_project", "datahub_project$PRODUCT$datahub"]}