GHSA-527g-3w9m-29hv: LDAP Injection in mitmproxy
In mitmproxy 12.2.1 and below, the built-in LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication.
Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default.
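The advisory's root cause is a username reaching an LDAP query unsanitized. The following added example (not mitmproxy's code or its actual fix) shows RFC 4515 escaping of a client-supplied username before it is placed in a search filter; the function names, the `uid` attribute and the sample usernames are assumptions made for illustration.

```python
# Added example: RFC 4515 escaping for a value placed in an LDAP search filter.
# All names here (escape_filter_value, build_user_filter, "uid") are
# hypothetical and do not come from mitmproxy.

# RFC 4515 section 3: these characters must be written as "\" + two hex digits
# when they appear inside an assertion value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so the server treats it as a literal value."""
    # Per-character mapping, so an inserted backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, attribute: str = "uid") -> str:
    """Build an equality filter that can match only one literal username."""
    if not username:
        raise ValueError("empty username")
    return f"({attribute}={escape_filter_value(username)})"


def is_single_equality_filter(flt: str) -> bool:
    """Structural check: one parenthesised item, no nesting, no wildcard."""
    inner = flt[1:-1]
    return (flt.startswith("(") and flt.endswith(")")
            and "(" not in inner and ")" not in inner and "*" not in inner)


# Constructed usernames containing filter metacharacters.
SAMPLES = ["alice", "a*", "x)(y", "back\\slash"]

if __name__ == "__main__":
    for name in SAMPLES:
        unsanitized = f"(uid={name})"   # value interpolated as-is
        escaped = build_user_filter(name)
        print(f"{name!r:14} unsanitized ok={is_single_equality_filter(unsanitized)!s:5} "
              f"escaped={escaped} ok={is_single_equality_filter(escaped)}")
```

LDAP client libraries ship equivalent helpers, for example `ldap3.utils.conv.escape_filter_chars` and `ldap.filter.escape_filter_chars` in python-ldap.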