Samba Certificate Auto-Enrollment Vulnerability (CVE-2026-3012)
2 rules, 1 TTP, 1 CVE
CVE-2026-3012 is a vulnerability in Samba's certificate auto-enrollment Group Policy handling: CA certificates are retrieved over unencrypted HTTP without verifying their authenticity, so an attacker on the network path can substitute a malicious CA certificate and then intercept or spoof the communications that trust it.
CVE-2026-42013: gnutls Certificate Validation Bypass via Oversized SAN
2 rules, 1 TTP, 1 CVE
CVE-2026-42013 allows a remote attacker to bypass certificate validation in gnutls by presenting a certificate with an oversized Subject Alternative Name (SAN) extension. Instead of rejecting the certificate when SAN processing fails, hostname verification falls back to the Common Name (CN) field of the attacker-supplied certificate, enabling spoofing and man-in-the-middle attacks.
CVE-2025-14575 Qt Network OpenSSL TLS Backend Uncontrolled Search Path Vulnerability
2 rules, 1 TTP
CVE-2025-14575 is an uncontrolled search path element vulnerability (CWE-427) in the Qt Network OpenSSL TLS backend: CA certificates are loaded from a location an attacker can influence, so rogue CA certificates can be introduced into the trust store and used for man-in-the-middle attacks.
Windmill nsjail Sandbox Incorrect Permissions Vulnerability (CVE-2026-47107)
2 rules, 1 TTP, 1 CVE
Windmill versions before 1.703.2 ship an nsjail sandbox configuration with incorrect default permissions, allowing an authenticated user to inject malicious entries into critical system files from inside the sandbox, which can lead to privilege escalation and man-in-the-middle attacks.
Kubernetes CoreDNS or Kube-DNS Configuration Modified
2 rules, 1 TTP
The coredns or kube-dns ConfigMap in the kube-system namespace controls name resolution for every pod in the cluster. An attacker who can modify it (for example by changing the forward upstreams in the Corefile) can poison DNS cluster-wide and route traffic destined for internal services and the Kubernetes API server through a man-in-the-middle.
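The detection described above, written out as an added Python example (not one of the rules on this page): it scans Kubernetes audit events for successful writes to the coredns/kube-dns ConfigMap in kube-system and, when the request body carries a Corefile, extracts the forward-plugin upstreams so that anything outside an assumed allowlist is called out. The audit events are constructed in the audit.k8s.io/v1 shape, and the allowlist of upstream resolvers is an assumption for the example.

```python
"""Flag writes to the CoreDNS / kube-dns ConfigMap in Kubernetes audit logs.

Added example, not part of any rule set. The audit events below are constructed
in the audit.k8s.io/v1 shape; the upstream allowlist is an assumption.
"""
import json
import re

WATCHED_NAMESPACE = "kube-system"
WATCHED_CONFIGMAPS = {"coredns", "kube-dns"}
MODIFYING_VERBS = {"create", "update", "patch", "delete"}
# Assumed allowlist: the only upstreams this cluster's Corefile should forward to.
ALLOWED_FORWARDERS = {"/etc/resolv.conf", "10.0.0.2"}

# "forward <from> <to ...> [{": capture the upstream list of a Corefile forward line.
FORWARD_RE = re.compile(r"^\s*forward\s+\S+\s+([^{\n]+)", re.MULTILINE)

# Constructed audit log, one JSON event per line (raw string so the JSON "\n" escapes survive).
SAMPLE_AUDIT_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:coredns"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"coredns"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"patch","user":{"username":"system:serviceaccount:default:ci-runner"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"coredns"},"requestObject":{"data":{"Corefile":".:53 {\n    errors\n    forward . 198.51.100.7 {\n        max_concurrent 1000\n    }\n    cache 30\n}\n"}},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"alice"},"objectRef":{"resource":"configmaps","namespace":"default","name":"coredns"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","verb":"delete","user":{"username":"bob"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"kube-dns"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"delete","user":{"username":"bob"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"kube-dns"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"mallory"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"coredns"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"alice"},"objectRef":{"resource":"configmaps","namespace":"kube-system","name":"coredns"},"requestObject":{"kind":"ConfigMap","data":{"Corefile":".:53 {\n    forward . /etc/resolv.conf\n    cache 30\n}\n"}},"responseStatus":{"code":200}}
"""


def is_dns_configmap_modification(event: dict) -> bool:
    """True for a completed, successful write to coredns/kube-dns in kube-system."""
    ref = event.get("objectRef") or {}
    code = (event.get("responseStatus") or {}).get("code", 0)
    return (
        event.get("stage") == "ResponseComplete"   # skip the ResponseStarted duplicate
        and event.get("verb") in MODIFYING_VERBS
        and ref.get("resource") == "configmaps"
        and ref.get("namespace") == WATCHED_NAMESPACE
        and ref.get("name") in WATCHED_CONFIGMAPS
        and 200 <= code < 300                       # denied writes (403 etc.) never took effect
    )


def corefile_forwarders(event: dict) -> list:
    """Upstreams named by forward lines in the Corefile carried in the request body.
    Full objects (create/update) and merge patches both put it at data.Corefile."""
    body = event.get("requestObject") or {}
    corefile = (body.get("data") or {}).get("Corefile", "")
    targets = []
    for match in FORWARD_RE.finditer(corefile):
        targets.extend(match.group(1).split())
    return targets


def rogue_forwarders(event: dict) -> list:
    """Forward upstreams not in the allowlist; a poisoned Corefile shows up here."""
    return [t for t in corefile_forwarders(event) if t not in ALLOWED_FORWARDERS]


def detect(log_text: str) -> list:
    """Run the rule over a JSON-lines audit log and return one alert per write."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if not is_dns_configmap_modification(event):
            continue
        alerts.append({
            "user": event["user"]["username"],
            "verb": event["verb"],
            "configmap": event["objectRef"]["name"],
            "rogue_forwarders": rogue_forwarders(event),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT_LOG):
        print(alert)
```

Every write is reported, because even a legitimate Corefile change deserves a look; the rogue_forwarders field separates the ci-runner patch that redirects all resolution to 198.51.100.7 from alice's update that keeps the allowed upstream. The ResponseStarted event and the 403-denied update are deliberately ignored so one write does not fire twice and attempts that admission blocked do not look like successes. In production the user field would be matched against the principals expected to manage cluster DNS.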
CVE-2026-0249 GlobalProtect App: Certificate Validation Bypass Vulnerabilities
2 rules, 1 TTP
CVE-2026-0249 covers multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect app that could allow an attacker in a man-in-the-middle position to intercept the app's encrypted communications and potentially compromise the endpoint; the macOS, Android, and ChromeOS clients are the most affected.
CVE-2026-0250 Palo Alto Networks GlobalProtect App Buffer Overflow Vulnerability
2 rules, 1 TTP
CVE-2026-0250 is a medium-severity buffer overflow in the Palo Alto Networks GlobalProtect app. A man-in-the-middle attacker who intercepts and manipulates the requests and responses of the app's connections to the Portal and Gateway could disrupt system processes and potentially execute arbitrary code with SYSTEM privileges.
Claude Code OAuth Token Theft via MCP Hijacking
3 rules, 2 TTPs
An attacker with write access to ~/.claude.json can change the configured MCP server endpoints so that Claude Code's MCP traffic is silently redirected through an attacker-controlled host. The OAuth tokens passing through that man-in-the-middle are captured, giving the attacker persistent access to the SaaS platforms connected through MCP.
Net::IMAP STARTTLS Stripping Vulnerability
2 rules, 1 TTP
A man-in-the-middle attacker can exploit a flaw in Net::IMAP's STARTTLS implementation: by injecting a spoofed 'OK' response during the STARTTLS negotiation, the attacker causes the client to continue the session without TLS, so credentials and mailbox data are transmitted in cleartext.
ABB B&R Automation Studio Improper Certificate Validation Vulnerability
2 rules, 2 TTPs, 1 CVE
ABB B&R Automation Studio versions before 6.5 perform improper certificate validation (CVE-2025-11043), potentially allowing an unauthenticated attacker on the network path to intercept and tamper with data exchanges. Mitigation is to upgrade and to keep the engineering network segmented from untrusted networks.
CVE-2026-34073: Incomplete DNS Name Constraint Enforcement Vulnerability
2 rules, 1 CVE
CVE-2026-34073 is a certificate validation weakness in Microsoft products (not further specified on this page): DNS name constraints are not fully enforced against peer names, so a certificate issued by a CA that is restricted to particular DNS subtrees may be accepted for a name outside them, bypassing certificate validation.
Amazon Athena ODBC Driver Man-in-the-Middle Vulnerability
2 rules, 1 TTP, 1 CVE
A man-in-the-middle vulnerability exists in Amazon Athena ODBC driver versions prior to 2.1.0.0 due to improper certificate validation, potentially allowing attackers to intercept authentication credentials when the driver connects to external identity providers.
Node-Forge Certificate Chain Verification Bypass due to basicConstraints Violation
2 rules, 3 TTPs
Node-forge's certificate chain verification does not enforce RFC 5280 basicConstraints: a certificate lacking the basicConstraints and keyUsage extensions (that is, an ordinary end-entity certificate) is accepted as an issuer, so anyone holding a valid leaf certificate and its private key can sign further certificates that chain to a trusted root, enabling certificate forgery and man-in-the-middle attacks.
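The check the entry above says is missing, as an added Python example (not node-forge's code): a small chain verifier that refuses to treat any certificate as an issuer unless it carries basicConstraints with cA=TRUE and, when keyUsage is present, keyCertSign. Certificates are plain dicts and "signatures" are HMAC tags keyed by the issuer's key field, a stand-in for real asymmetric signatures so the example runs on the standard library alone; pathLenConstraint and name constraints are not modelled. The enforce_constraints=False switch reproduces the bypass so both behaviours can be compared on the same forged chain.

```python
"""Chain verification that enforces RFC 5280 basicConstraints and keyUsage.

Added example, not node-forge's code. Certificates are dicts; the 'signature'
is an HMAC over the rest of the certificate keyed by the issuer's 'key' field,
a stand-in for real signatures so the constraint logic can be run stand-alone.
"""
import hashlib
import hmac
import json


def _tbs(cert: dict) -> bytes:
    """The to-be-signed part: every field except the signature, in canonical form."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()


def _sign(issuer: dict, cert: dict) -> str:
    return hmac.new(issuer["key"].encode(), _tbs(cert), hashlib.sha256).hexdigest()


def make_root(subject: str) -> dict:
    """Self-signed root with cA=TRUE and keyCertSign."""
    root = {"subject": subject, "issuer": subject, "key": hashlib.sha256(subject.encode()).hexdigest(),
            "basicConstraints": {"cA": True}, "keyUsage": ["keyCertSign", "cRLSign"]}
    root["signature"] = _sign(root, root)
    return root


def issue(issuer: dict, subject: str, *, ca: bool = False, key_usage=None,
          basic_constraints: bool = True) -> dict:
    """Issue a certificate for `subject` signed by `issuer` (no constraint check here:
    this is what any key holder, including an attacker with a leaf key, can do)."""
    cert = {"subject": subject, "issuer": issuer["subject"],
            "key": hashlib.sha256(subject.encode()).hexdigest()}
    if basic_constraints:
        cert["basicConstraints"] = {"cA": ca}
    if key_usage is not None:
        cert["keyUsage"] = key_usage
    cert["signature"] = _sign(issuer, cert)
    return cert


def signature_ok(cert: dict, issuer: dict) -> bool:
    return hmac.compare_digest(_sign(issuer, cert), cert["signature"])


def may_issue(cert: dict) -> bool:
    """RFC 5280 4.2.1.9 / 4.2.1.3: only a certificate with basicConstraints cA=TRUE may
    sign other certificates; if keyUsage is present it must include keyCertSign."""
    bc = cert.get("basicConstraints")
    if not bc or not bc.get("cA"):
        return False
    ku = cert.get("keyUsage")
    return ku is None or "keyCertSign" in ku


def verify_chain(chain: list, trusted_roots: list, enforce_constraints: bool = True) -> bool:
    """chain[0] is the leaf; chain[-1] must be issued by one of trusted_roots.
    enforce_constraints=False reproduces the bypass: every certificate whose
    signature checks out is accepted as an issuer, whatever its extensions say."""
    roots = {r["subject"]: r for r in trusted_roots}
    for child, parent in zip(chain, chain[1:] + [None]):
        issuer = parent if parent is not None else roots.get(child["issuer"])
        if issuer is None or issuer["subject"] != child["issuer"]:
            return False
        if not signature_ok(child, issuer):
            return False
        if enforce_constraints and not may_issue(issuer):
            return False
    return True


# Constructed PKI: root -> issuing CA -> ordinary leaf with neither basicConstraints
# nor keyUsage, exactly the kind of certificate the entry above says is accepted as a CA.
ROOT = make_root("Example Root CA")
INTERMEDIATE = issue(ROOT, "Example Issuing CA", ca=True, key_usage=["keyCertSign", "cRLSign"])
LEAF = issue(INTERMEDIATE, "www.example.com", basic_constraints=False)
# The leaf key holder "issues" a certificate for a site they do not control.
FORGED = issue(LEAF, "login.example.net", basic_constraints=False)


def demo() -> dict:
    return {
        "legit_chain": verify_chain([LEAF, INTERMEDIATE], [ROOT]),
        "forged_enforced": verify_chain([FORGED, LEAF, INTERMEDIATE], [ROOT]),
        "forged_bypass": verify_chain([FORGED, LEAF, INTERMEDIATE], [ROOT], enforce_constraints=False),
    }


if __name__ == "__main__":
    print(demo())
```

The forged chain is cryptographically consistent all the way to the root, which is why a verifier that only checks signatures and issuer/subject links accepts it. Rejecting it requires looking at the issuer's extensions at every step, including the absence of basicConstraints on a v3 certificate, which RFC 5280 treats as "not a CA" rather than "unspecified".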