Lucene search
K

EUVD-2026-37701

šŸ—“ļøĀ 17 Jun 2026Ā 13:07:44Reported byĀ EUVDTypeĀ 
euvd
Ā euvd
šŸ”—Ā euvd.enisa.europa.eušŸ‘Ā 8Ā Views

Remote attacker can inject directory access protocol characters into the distinguished name in DefaultLdapRealm to bypass authentication.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the DefaultLdapRealm class in the Apache Shiro framework allows a hacker to bypass security restrictions and perform data substitution.
30 Jun 202600:00
–bdu_fstec
Chainguard
CVE-2026-49268 vulnerabilities
23 Jun 202608:16
–cgr
Circl
CVE-2026-49268
17 Jun 202615:22
–circl
CNVD
Apache Shiro input validation vulnerability (CNVD-2026-26205)
30 Jun 202600:00
–cnvd
CVE
CVE-2026-49268
17 Jun 202613:07
–cve
Cvelist
CVE-2026-49268 Apache Shiro: LDAP DN Injection in DefaultLdapRealm
17 Jun 202613:07
–cvelist
Debian CVE
CVE-2026-49268
17 Jun 202613:07
–debiancve
Github Security Blog
Apache Shiro: LDAP DN Injection in DefaultLdapRealm
17 Jun 202618:35
–github
NVD
CVE-2026-49268
17 Jun 202614:17
–nvd
OSV
CGA-8R9F-84XG-4P6J
20 Jun 202613:17
–osv
Rows per page
[
  {
    "enisaIdVendor": [
      {
        "id": "f3b3f82e-45f7-34a8-af12-31c6b99e05d3",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "c24d232c-bd92-3011-b201-3883667ed648",
        "product": {
          "name": "Apache Shiro",
          "vendor": {
            "name": "Apache Software Foundation"
          }
        },
        "product_version": "0 ≤2.2.0"
      },
      {
        "id": "e226926c-ecbb-3231-a045-7193d1c5c647",
        "product": {
          "name": "Apache Shiro",
          "vendor": {
            "name": "Apache Software Foundation"
          }
        },
        "product_version": "3.0.0-alpha-0 ≤3.0.0-alpha-1"
      }
    ]
  }
]

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation