CVE-2026-57962

MEDIUM

Denial-of-service via malicious LDAP address-book server

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-57962. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-57962, a vulnerability in Thunderbird's LDAP client that allows a malicious LDAP server to stash arbitrarily large attacker-supplied data. The code provides a framework for a malicious LDAP server but lacks actual exploit implementation.

Description

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-57962_malicious_ldap_server.py

This repository contains an auto-generated stub module for CVE-2026-57962, a vulnerability in Thunderbird's LDAP client that allows a malicious LDAP server to stash arbitrarily large attacker-supplied data. The code provides a framework for a malicious LDAP server but lacks actual exploit implementation.

Classification
Stub 98%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: Mozilla Thunderbird (LDAP client)
No auth needed
Prerequisites: Thunderbird configured to query the attacker-controlled LDAP server for address-book autocomplete · Victim interaction (e.g., triggering autocomplete)
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

Scores

CVSS v3 5.3
EPSS 0.0020
EPSS Percentile 10.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (4)
mozilla/thunderbird < 140.12.1
mozilla/thunderbird < 152.0.1
Mozilla/Thunderbird 140.12.1 - 140.*
Mozilla/Thunderbird 152.0.1
Published Jul 01, 2026
Tracked Since Jul 01, 2026