CVE-2026-25738 | Indico up to 3.3.9 Environment Variable http_proxy/https_proxy toctou (GHSA-f47c-3c5w-v7p4)

A vulnerability was found in Indico up to 3.3.9 and classified as critical. This impacts an unknown function of the component Environment Variable Handler. The manipulation of the argument http_proxy/https_proxy results in time-of-check time-of-use.

This vulnerability was named CVE-2026-25738. The attack may be performed from remote. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More