CVE-2026-40193 | foxcpp maddy up to 0.9.2 SMTP/IMAP /go-ldap/ldap/v3 strings.ReplaceAll ldap injection (GHSA-5835-4gvc-32pc)

A vulnerability labeled as critical has been found in foxcpp maddy up to 0.9.2. This vulnerability affects the function strings.ReplaceAll of the file /go-ldap/ldap/v3 of the component SMTP/IMAP. The manipulation results in ldap injection.

This vulnerability is reported as CVE-2026-40193. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More