Vulnerability in Mtrudel Bandit

CVE-2026-39807

Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determine_scheme/2 in lib/bandit/pipeline.ex retur…

EPSS: 0.000 (7.6th percentile) — read the EPSS interpretation.

Affected products

Mtrudel Bandit — versions 1.0.0, ff2f829326cd5dcf7335939aef9775269d881e28

Weakness classification (CWE)

CWE-807

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)