CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

CVE-2026-11746

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

CVE-2026-11748

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

EUVD-2026-38208

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate t...

CVE-2026-11748

The CVE affects centraldogma-server-auth-shiro

CVE-2026-11746

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

CVE-2026-11746

CVE-2026-11746 affects centraldogma-server versions prior to 0.84.0. If ZooKeeper replication is enabled without setting replication.secret, the server falls back to a hard-coded, publicly known secret that authenticates the embedded ZooKeeper ensemble. This allows an attacker with network access...

EUVD-2026-38207

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

com.infobip.kafkistry:kafkistry-app (>=0.7.0 <=0.10.0), com.infobip.kafkistry:kafkistry-auditing (>=0.7.0 <=0.10.0) +19 more potentially affected by CVE-2026-48827 via org.apache.sshd:sshd-git (>=2.10.0 <=2.17.1)

org.apache.sshd:sshd-git MAVEN version =2.10.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.62.0, =2.25.0, =1.1.0, =1.1.1 and more Source cves: CVE-2026-48827 Source advisory: SNYK:JAVA-ORGAPACHESSHD-17151844...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the Shiro web login for logged-in users with incorrect permissions. An attacker can redirect users to malicious websites by crafting specially designed URLs. Remediation Upgrade...

com.linecorp.centraldogma:centraldogma-server-auth-saml (>=0.33.0 <=0.64.0), com.linecorp.centraldogma:centraldogma-server-auth-shiro (>=0.33.0 <=0.64.0) +7 more potentially affected by CVE-2024-1143 via com.linecorp.centraldogma:centraldogma-server (>=0.17.0 <=0.64.0)

com.linecorp.centraldogma:centraldogma-server MAVEN version =0.17.0, =0.33.0, =0.33.0, =0.61.0, =0.62.0, =0.17.0, =0.44.0, =0.44.0, =0.44.0, =0.64.0 - com.linecorp.centraldogma:centraldogma-xds =0.64.0 Source cves: CVE-2024-1143 Source advisory: OSV:GHSA-34Q3-P352-C7Q8...

Privilege Escalation

centraldogma-server is vulnerable to privilege escalation. A user with file managing privileges of the project is able to mirror to internal repositories...