CVE-2026-39807

EPSS 0.45%
Veröffentlicht 01.05.2026 20:34:22
Zuletzt bearbeitet 05.05.2026 19:37:28
Quelle 6b3ad84c-e1a6-4bf7-a703-f496b7
CVE-Watchlists
Login
Unerledigt
Login

Client-supplied URI scheme trusted without transport verification in bandit

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections.

'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex returns the client-supplied URI scheme verbatim, ignoring the transport's secure? flag. HTTP/1.1 absolute-form request targets (e.g. GET https://victim/path HTTP/1.1) and the HTTP/2 :scheme pseudo-header are both attacker-controlled strings that flow through this function. Over a plaintext TCP connection, a client can declare https and Bandit will set conn.scheme = :https even though no TLS was negotiated.

Downstream Plug consumers that branch on conn.scheme are silently misled: Plug.SSL's already-secure branch skips its HTTP→HTTPS redirect, cookies emitted with secure: true are sent over plaintext, audit logs record requests as having arrived over HTTPS, and CSRF/SameSite gating may make incorrect decisions.

This issue affects bandit: from 1.0.0 before 1.11.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellermtrudel

≫

Produkt bandit

Default Statusunaffected

Version 1.0.0

Version < 1.11.0

Status affected

Herstellermtrudel

≫

Produkt bandit

Default Statusunaffected

Version ff2f829326cd5dcf7335939aef9775269d881e28

Version < 45feea20dea8af7ffd7245271107b695c040e667

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.45%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
6b3ad84c-e1a6-4bf7-a703-f496b71e49db	6.3	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-807 Reliance on Untrusted Inputs in a Security Decision

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

https://github.com/mtrudel/bandit/security/advisories/GHSA-375f-4r2h-f99j

https://cna.erlef.org/cves/CVE-2026-39807.html

https://osv.dev/vulnerability/EEF-CVE-2026-39807

https://github.com/mtrudel/bandit/commit/45feea20dea8af7ffd7245271107b695c040e667

https://nvd.nist.gov/vuln/detail/CVE-2026-39807

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-39807

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-39807

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-39807