Cyber Resilience

CVE-2026-25644

Severity: High
Published: 06 February 2026
Modified: 20 February 2026
KEV Added: not listed
Patch: available (fixed in DataHub 1.3.1.8)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0002 (4.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-25644 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in DataHub, the open-source metadata platform (vendor and product both listed as datahub). Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). By exploit likelihood it is ranked at the 4.3rd percentile (well below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-17 (Public Key Infrastructure Certificates).

Deeper analysis

CVE-2026-25644 affects DataHub, an open-source metadata platform, specifically in its LDAP ingestion source prior to version 1.3.1.8. The vulnerability enables a man-in-the-middle (MITM) attack through TLS downgrade, classified under CWE-295 (Improper Certificate Validation). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.

An unauthenticated attacker positioned on the network path between the DataHub instance and the LDAP server can exploit this by forcing a downgrade from TLS to a weaker protocol or cipher, allowing interception of sensitive data transmitted during LDAP ingestion. Successful exploitation results in high-impact confidentiality loss, such as exposure of metadata or credentials, without affecting integrity or availability.

The GitHub security advisory (GHSA-j34h-x7qg-4qw5) confirms the issue was patched in DataHub version 1.3.1.8, recommending immediate upgrades for affected installations. No additional mitigations are specified beyond applying the patch.
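As an added illustration of the defensive side of the issue described above (this is not DataHub's code, and the configuration key names are assumptions for this example), the following Python audits an LDAP client's TLS settings for the two conditions the analysis names, skipped certificate validation (CWE-295) and an acceptable protocol floor that permits downgrade, and builds a client-side SSL context that enforces both:

```python
"""Audit LDAP client TLS settings for CWE-295 / downgrade risk and build a
hardened client context. Illustration only: not DataHub's code; the config
keys below are assumptions made for this example."""
import ssl
from typing import List, Optional

# Constructed sample configurations (hypothetical key names, not DataHub's).
WEAK_CONFIG = {
    "uri": "ldap://ldap.example.internal:389",  # plaintext scheme
    "start_tls": False,                          # never upgrades to TLS
    "verify_cert": False,                        # CWE-295: validation off
    "min_tls_version": "TLSv1",                  # old protocol accepted
}
HARDENED_CONFIG = {
    "uri": "ldaps://ldap.example.internal:636",  # TLS from the first byte
    "start_tls": False,
    "verify_cert": True,
    "min_tls_version": "TLSv1.2",
}

ACCEPTABLE_TLS = ("TLSv1.2", "TLSv1.3")


def audit_ldap_tls(cfg: dict) -> List[str]:
    """Return findings that would let an on-path attacker read or downgrade
    the LDAP session; an empty list means no weakness was detected."""
    findings = []
    if not cfg["uri"].lower().startswith("ldaps://") and not cfg.get("start_tls"):
        findings.append("plaintext LDAP: neither ldaps:// nor StartTLS is used")
    if not cfg.get("verify_cert"):
        findings.append("server certificate not validated (CWE-295): MITM possible")
    if cfg.get("min_tls_version") not in ACCEPTABLE_TLS:
        findings.append("minimum TLS version below 1.2: protocol downgrade possible")
    return findings


def hardened_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client-side context that requires a valid, hostname-matching server
    certificate and refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED           # reject unverifiable certs
    ctx.check_hostname = True                     # cert must match LDAP host
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no downgrade below 1.2
    return ctx


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_ldap_tls(cfg) or ["no findings"])
```

The audit function is only a configuration check; the returned context is what an LDAP client library would be handed to actually enforce validation on the wire.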

EU & UK References

Vulnerability details

DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to a MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle (tactic: Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

The vulnerability explicitly enables MITM via TLS downgrade, caused by improper certificate validation (CWE-295) on LDAP connections; this maps directly to Adversary-in-the-Middle for credential and data interception.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-31854 (shared CWE-295)
CVE-2024-47258 (shared CWE-295)
CVE-2026-32627 (shared CWE-295)
CVE-2024-55581 (shared CWE-295)
CVE-2025-11043 (shared CWE-295)
CVE-2024-50691 (shared CWE-295)
CVE-2024-29171 (shared CWE-295)
CVE-2025-9293 (shared CWE-295)
CVE-2025-0500 (shared CWE-295)
CVE-2025-66001 (shared CWE-295)

Affected Assets

Vendor: datahub
Product: datahub
Affected versions: ≤ 1.3.1.8 (as listed; the advisory above states the fix ships in 1.3.1.8)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

SC-17 Public Key Infrastructure Certificates (type: prevent)
Directly requires validation of PKI certificates in TLS connections to LDAP servers, addressing the CWE-295 improper certificate validation that enables TLS downgrade MITM attacks.

SC-8 Transmission Confidentiality and Integrity (type: prevent)
Mandates protection of transmission confidentiality and integrity for LDAP ingestion traffic, preventing data interception by enforcing secure TLS without downgrade vulnerabilities.

SC-13 Cryptographic Protection (type: prevent)
Requires cryptographic mechanisms to protect information during transmission to LDAP servers, ensuring TLS configurations resist downgrade to weaker protocols or ciphers.

References