CVE-2026-39807 | mtrudel bandit up to 1.10.x on Untrusted TCP Connection lib/bandit/pipeline.ex Elixir.bandit.Pipeline:determine_scheme reliance on untrusted inputs in a security decision (GHSA-375f-4r2h-f99j / EUVD-2026-26714)

A vulnerability classified as critical was found in mtrudel bandit up to 1.10.x on Untrusted. Impacted is the function Elixir.bandit.Pipeline:determine_scheme in the library lib/bandit/pipeline.ex of the component TCP Connection Handler. Such manipulation leads to reliance on untrusted inputs in a security decision.

This vulnerability is traded as CVE-2026-39807. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More