80 matches found
CVE-2026-1966
A flaw was found in YugabyteDB Anywhere. This vulnerability allows an authenticated user with access to the configuration view to obtain Lightweight Directory Access Protocol (LDAP) bind passwords. These passwords are displayed in cleartext within the web user interface (UI) when configured via gflag...
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
EUVD-2026-5553
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
YugabyteDB Anywhere Security Vulnerability
YugabyteDB Anywhere is a database offered by the American company YugabyteDB. There is a security vulnerability in YugabyteDB Anywhere, which stems from the web interface displaying LDAP binding passwords in plain text. This vulnerability may allow authenticated users to obtain credentials, leadi...
PT-2026-6551
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere (affected versions not specified). Description: YugabyteDB Anywhere reveals LDAP bind passwords in plain text within its web user interface. An authenticated user who can access the configuration view may be able to obtain thes...
CVE-2024-41435
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter...
CVE-2022-37397
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...
EUVD-2023-54492
Malicious code in bioql PyPI...
EUVD-2023-58268
Malicious code in bioql PyPI...
EUVD-2024-33678
Malicious code in bioql PyPI...
EUVD-2025-24148
Malicious code in bioql PyPI...
EUVD-2023-58269
Malicious code in bioql PyPI...
EUVD-2022-40030
Malicious code in bioql PyPI...
CVE-2025-8866
An authentication flaw has been discovered in YugabyteDB. Access is not properly enforced for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records...
CVE-2025-8866
Summary: CVE-2025-8866 affects the YugabyteDB Anywhere web server, where the /metamaster/universe API endpoint does not properly enforce authentication. What’s affected: YugabyteDB Anywhere web server (specific versions not enumerated in provided documents). Root cause (as described): Authenticat...
CVE-2025-8865
The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service...
CVE-2025-8862
YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. To mitigate this, we recommend upgrading the database to a version where this information is properly redacted...
CVE-2025-8863
CVE-2025-8863 affects YugabyteDB: diagnostic information transmitted over HTTP can expose sensitive data during transmission. The CVSS 4.0 vector yields a HIGH base score (7.0) with network attack vector, high attack complexity, and impact mainly on confidentiality. No explicit fix version is pro...
CVE-2025-8863
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...