38 matches found

RedhatCVE
added 2026/04/25 7:22 a.m. | 4 views

CVE-2026-41319

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

CVSS 6.5 | AI score 5.8 | EPSS 0.00223
Exploits: 1 | References: 1
CVE
added 2026/04/24 3:7 a.m. | 23 views

CVE-2026-41319

Summary (CVE-2026-41319) MailKit (MimeKit-based) exposes a STARTTLS vulnerability where the internal read buffers of SmtpStream, ImapStream, and Pop3Stream are not flushed when upgrading to TLS with SslStream. This allows pre-TLS attacker-injected data to be treated as post-TLS, enabling a MITM-b...

CVSS 6.5 | AI score 6 | EPSS 0.00223
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/04/24 3:7 a.m. | 8 views

EUVD-2026-25388

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

CVSS 6.5 | AI score 6 | EPSS 0.00223
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/26 2:59 p.m. | 3 views

CVE-2026-20996

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

CVSS 7.1 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 1
EUVD
added 2026/03/16 3:30 p.m. | 3 views

EUVD-2026-12309

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

CVSS 7.1 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/16 4:32 a.m. | 3 views

CVE-2026-20996

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

CVSS 7.1 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/16 4:32 a.m. | 3 views

CVE-2026-20996

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication...

CVSS 7.1 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 2
CVE
added 2026/03/16 4:32 a.m. | 13 views

CVE-2026-20996

CVE-2026-20996 affects Smart Switch prior to version 3.7.69.15, where use of a broken or risky cryptographic algorithm enables remote attackers to downgrade the authentication scheme. The issue is documented across multiple sources (CVE/NVD and Red Hat EUVD/AKB entries) and is tied to the downgra...

CVSS 7.1 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2026/02/03 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62349

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00407
Exploits: 0 | References: 2
UbuntuCve
added 2026/01/30 7:16 p.m. | 6 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | AI score 6 | EPSS 0.00407
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/30 6:59 p.m. | 4 views

CVE-2025-62349 Salt Master authentication protocol downgrade may enable minion impersonation

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 2
CVE
added 2026/01/30 6:59 p.m. | 28 views

CVE-2025-62349

CVE-2025-62349 affects Salt (SaltStack) where the authentication protocol can downgrade to an older request payload format, enabling a malicious minion to impersonate hosts and bypass protections added in response to prior issues. The issue is described as a downgrade weakness in the authenticati...

CVSS 7.5 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 2
Cvelist
added 2026/01/30 6:59 p.m. | 25 views

CVE-2025-62349 Salt Master authentication protocol downgrade may enable minion impersonation

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | EPSS 0.00407
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/30 6:59 p.m. | 5 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2026/01/30 6:59 p.m. | 5 views

EUVD-2025-206568

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 2
AlpineLinux
added 2026/01/30 6:59 p.m. | 8 views

CVE-2025-62349

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues...

CVSS 7.5 | AI score 5.9 | EPSS 0.00407
Exploits: 0
Positive Technologies
added 2025/11/28 12:0 a.m. | 7 views

PT-2026-5435

Name of the Vulnerable Software and Affected Versions: Salt affected versions not specified Description: Salt is susceptible to an authentication protocol version downgrade. A malicious minion can exploit this to bypass newer authentication and security features by utilizing an older request payloa...

CVSS 9.8 | AI score 6.8 | EPSS 0.01468
Exploits: 3 | References: 127
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-33297

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.1 | EPSS 0.00665
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 1:5 a.m. | 8 views

CVE-2022-28860

An authentication downgrade in the server in Citilog 8.0 allows an attacker in a man in the middle position between the server and its smart camera Axis M1125 to achieve HTTP access to the camera...

CVSS 5.9 | AI score 7.1 | EPSS 0.00665
Exploits: 0 | References: 1
Positive Technologies
added 2024/07/31 12:0 a.m. | 4 views

PT-2024-6402 · Openwrt · Openwrt

Name of the Vulnerable Software and Affected Versions: OpenWrt affected versions not specified Description: The issue is related to the implementation of the SAE H2E authentication protocol in the OpenWrt embedded operating system, which is affected by errors in handling input data. This could...

CVSS 10 | AI score 7.1
Exploits: 0 | References: 3