Teatime Lab Security Research

Archives

All the articles I've archived.

2026 1
April 1

  • CVE-2026-40193: LDAP filter injection in maddy

    A deep dive into the unsanitized-username LDAP injection we reported in foxcpp/maddy — including the two-path timing side-channel that turns every SMTP AUTH response into an oracle.