CVE-2026-39807 | mtrudel bandit up to 1.10.x on Untrusted TCP Connection lib/bandit/pipeline.ex Elixir.bandit.Pipeline:determine_scheme reliance on untrusted inputs in a security decision (GHSA-375f-4r2h-f99j / EUVD-2026-26714)

Inserito da Angelo Barbosa | Mag 2, 2026 | CVE

A vulnerability classified as critical was found in mtrudel bandit up to 1.10.x on Untrusted. Impacted is the function Elixir.bandit.Pipeline:determine_scheme in the library lib/bandit/pipeline.ex of the component TCP Connection Handler. Such manipulation leads to reliance on untrusted inputs in a security decision.

This vulnerability is traded as CVE-2026-39807. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.

CVE-2026-39807 | mtrudel bandit up to 1.10.x on Untrusted TCP Connection lib/bandit/pipeline.ex Elixir.bandit.Pipeline:determine_scheme reliance on untrusted inputs in a security decision (GHSA-375f-4r2h-f99j / EUVD-2026-26714)

Post correlati

CVE-2024-58239 | Linux Kernel up to 6.7.6 tls recv infinite loop

CVE-2026-33003 | LoadNinja Plugin up to 2.1 on Jenkins Controller File System permission

CVE-2025-1305 | NewsBlogger Theme up to 0.2.5.4 on WordPress Plugin Installation newsblogger_install_and_activate_plugin cross-site request forgery

CVE-2024-48841 | ABB FLXEON up to 9.3.4 filename control