CVE-2026-43505

A flaw was found in Prosody, specifically within the modproxy65 module when enabled. This vulnerability arises from modproxy65 mishandling access control during the activation process. A remote attacker could exploit this flaw to relay unauthenticated traffic, potentially leading to unauthorized...

Linux Distros Unpatched Vulnerability : CVE-2026-43504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access contro...

FreeBSD : Prosody XMPP server advisory 2026-04-29 (a420f545-442c-11f1-b9b5-589cfc0dc9a2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a420f545-442c-11f1-b9b5-589cfc0dc9a2 advisory. The Prosody team reports: Traffic patterns were discovered which can cause Prosody to consume excessive...

CVE-2026-43505

Prosody (with mod_proxy65 enabled) is affected by CVE-2026-43505. In versions before 0.12.6 and 1.0.0 up to 13.0.0 before 13.0.5, mod_proxy65 mishandles access control in the activation scenario, allowing relaying of unauthenticated traffic. Impact is limited to unauthorized relaying; no exploita...

EUVD-2026-26658

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43505

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43505

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43505

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43504

Prosody has a vulnerability CVE-2026-43504 in which the mod_proxy65 module mishandles access control in a paused state, allowing relaying of unauthenticated traffic. Affected versions are Prosody before 0.12.6 and 1.0.0 up to 13.0.0, with fixes in 13.0.5 and later. The issue is due to incorrect a...

EUVD-2026-26657

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when modproxy65 is enabled. Because modproxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

PT-2026-36479

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod proxy65 is enabled. Because mod proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

PT-2026-36480

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod proxy65 is enabled. Because mod proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur...

Prosody 安全漏洞

Prosody is an instant messaging server software from Prosody open source. A security vulnerability exists in Prosody versions prior to 0.12.6 and versions prior to 13.0.5 in versions 1.0.0 through 13.0.0, which stems from improper handling of access control in an activation scenario with...

EUVD-2021-19639

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-32917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the...

SUSE CVE-2021-32917

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth...