CVE-2026-25644
Published: 06 February 2026
Summary
CVE-2026-25644 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in DataHub (vendor and product both listed as Datahub). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). It is ranked in the 4.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-17 (Public Key Infrastructure Certificates).
Deeper analysis
CVE-2026-25644 affects DataHub, an open-source metadata platform, specifically in its LDAP ingestion source prior to version 1.3.1.8. The vulnerability enables a man-in-the-middle (MITM) attack through TLS downgrade, classified under CWE-295 (Improper Certificate Validation). It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to network accessibility, low attack complexity, and no requirements for privileges or user interaction.
An unauthenticated attacker positioned on the network path between the DataHub instance and the LDAP server can exploit this by forcing a downgrade from TLS to a weaker protocol or cipher, allowing interception of sensitive data transmitted during LDAP ingestion. Successful exploitation results in high-impact confidentiality loss, such as exposure of metadata or credentials, without affecting integrity or availability.
The GitHub security advisory (GHSA-j34h-x7qg-4qw5) confirms the issue was patched in DataHub version 1.3.1.8, recommending immediate upgrades for affected installations. No additional mitigations are specified beyond applying the patch.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-6929
Vulnerability details
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability explicitly enables MITM via TLS downgrade from improper cert validation (CWE-295) on LDAP connections, directly mapping to Adversary-in-the-Middle for credential/data interception.
Mitigating Controls (NIST 800-53 r5)
- SC-17 (Public Key Infrastructure Certificates): directly requires validation of PKI certificates on TLS connections to LDAP servers, addressing the CWE-295 improper certificate validation that enables TLS downgrade MITM attacks.
- SC-8 (Transmission Confidentiality and Integrity): mandates protection of confidentiality and integrity for LDAP ingestion traffic in transit, preventing interception by enforcing TLS that cannot be downgraded.
- SC-13 (Cryptographic Protection): requires cryptographic mechanisms to protect information in transmission to LDAP servers, so that TLS configurations resist downgrade to weaker protocols or ciphers.
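As an added illustration of the control intent above and of the CWE-295 weakness class described in the analysis (example code written for this page; it is not DataHub's ingestion code and not the fix shipped in 1.3.1.8, which the advisory does not detail), the following Python shows a TLS client context with the weak settings beside a hardened one, an audit function a reviewer can run over any client's `ssl.SSLContext`, and the fail-closed decision a StartTLS client should make. All function names are hypothetical.

```python
import ssl


def insecure_ldap_client_context() -> ssl.SSLContext:
    """The weak pattern CWE-295 describes: the client accepts any server
    certificate and any protocol version the peer offers (hypothetical
    illustration, not DataHub's actual pre-1.3.1.8 code)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no chain validation at all
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # downgrade allowed
    return ctx


def hardened_ldap_client_context() -> ssl.SSLContext:
    """What SC-17 / SC-13 ask for in practice: chain and hostname validation
    against a trusted CA set, with a protocol floor of TLS 1.2."""
    # In production pass cafile=<path to the organisation's CA bundle>;
    # here the platform default trust store is used so the example runs anywhere.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # check_hostname=True and verify_mode=CERT_REQUIRED are already the defaults.
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the findings a reviewer would raise against a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (CWE-295)")
    if not ctx.check_hostname:
        findings.append("certificate not matched against the LDAP host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol below TLS 1.2: downgrade possible")
    return findings


def starttls_may_proceed(result_code: int, tls_required: bool = True) -> bool:
    """Decision after an LDAP StartTLS extended operation (RFC 4511 resultCode,
    0 = success). A client that keeps talking in the clear when StartTLS fails
    hands an on-path attacker a trivial downgrade; fail closed instead."""
    if result_code == 0:
        return True
    return not tls_required  # continue only if TLS was never mandatory


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_ldap_client_context()),
                      ("hardened", hardened_ldap_client_context())):
        print(name, audit_tls_context(ctx) or ["no findings"])
```

Running the audit against the insecure context yields three findings and against the hardened context none; the same check can be pointed at the context any LDAP client library builds before it connects.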