EUVD-2026-38768

Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native ADSI authentication path, allowing unauthenticated attackers to inject LDAP wildcard characters to enumerate directory entries and to authenticate as a...

FortiOS - Insecure LDAP Configuration Detection

The FortiGate LDAP configuration was detected to be insecure due to missing ca-cert, secure LDAPS, or server-identity-check, potentially exposing LDAP communications to credential interception or man-in-the-middle attacks under specific network conditions. id: CVE-2019-5591 info: name: FortiOS -...

CVE-2026-47203

CVE-2026-47203 (Authelia) affects Authelia 4.38.0–4.39.19 where using Basic Auth on the authz verification endpoint exposes a bug: the username extracted from the Authorization header is passed to the ban/attempt regulation as-is, while LDAP binds are case-insensitive but regulation SQL lookups c...

Astra Linux – Vulnerability in Apache Log4j1.2

The JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration, or when the configuration references an LDAP service to which the attacker has access. The attacker can provide a...

Astra Linux – Vulnerability in the 389-DS-base

A flaw was discovered in the ‘deref’ plugin of 389-ds-base, where it could use the ‘search’ permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes...

UBUNTU-CVE-2026-49268

A remote attacker can inject LDAP special characters into the Distinguished Name DN construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an attacker to manipulate th...

CVE-2026-49268

The CVE-2026-49268 issue affects Apache Shiro’s DefaultLdapRealm where user input is concatenated into the LDAP DN template without escaping RFC 2253 characters. This LDAP DN injection can alter the bind DN, potentially bypassing authentication or impersonating other users. Technical details conf...

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

CVE-2026-45559

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

CVE-2026-42568

CVE-2026-42568 affects YAMCS when LdapAuthModule is configured. The root cause is that the username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, enabling an authentication bypass (e.g., username=*) and potentially granting access to tokens for first matching ...

CVE-2026-45559

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

EUVD-2026-36040

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

Denial Of Service

Keycloak is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of LDAP password policy responses, where a malformed response from a configured LDAP server can trigger an OutOfMemoryError during password authentication processing, causing the Keycloak JVM to termina...

CLDAP Analyzer with ASN.1 BER Encoding and Basic TLV Response Parser

This Python script implements a CLDAP Connectionless LDAP analyzer that builds and sends LDAP CLDAP discovery requests and parses responses using ASN.1 BER encoding and a basic TLV parser. It constructs a structured LDAP search request including DnsDomain, User, and NtVer filters, sends it over U...

Roxy-WI 注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier have a vulnerability that stems from the getldapemail function, which constructs LDAP search filters using f-string concatenation. The username URL path...

CVE-2026-9751

The vulnerability CVE-2026-9751 affects MongoDB’s mongod process: when ldapQueryPassword is set via the runtime setParameter command, the new password is logged in plain text to mongod.log. The issue is caused by logging sensitive parameter data, leading to potential exposure of credentials on th...

UBUNTU-CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

CVE-2026-11788

The vulnerability CVE-2026-11788 affects 389 Directory Server (389-ds-base) in the dereference control plugin BER parser. The root cause is that the plugin does not check for BER allocation failures before using structures, enabling a null pointer/dereference scenario that can crash the LDAP serv...

PT-2026-47014

Name of the Vulnerable Software and Affected Versions NetMan 204 affected versions not specified Description Authentication is not enforced on administrative pages and command endpoints. A remote, unauthenticated attacker can directly request pages such as 'administration.html',...

CVE-2026-10611 OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.requireotp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticat...