Tag: maddy

All the articles with the tag "maddy".

• CVE-2026-40193: LDAP filter injection in maddy

  12 Apr, 2026

  A deep dive into the unsanitized-username LDAP injection we reported in foxcpp/maddy — including the two-path timing side-channel that turns every SMTP AUTH response into an oracle.