17 matches found
CVE-2026-1966 YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI
YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...
EUVD-2025-24153
Malicious code in bioql PyPI...
EUVD-2025-24144
Malicious code in bioql PyPI...
CVE-2025-8865
A null pointer dereference flaw has been discovered in YugabyteDB. An authenticated attacker could exploit this to crash the YCQL tablet server, resulting in a denial of service. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Ha...
CVE-2025-8866
YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records...
CVE-2025-8865
The YugabyteDB tablet server contains a flaw in its YCQL query handling that can trigger a null pointer dereference when processing certain malformed inputs. An authenticated attacker could exploit this issue to crash the YCQL tablet server, resulting in a denial of service...
CVE-2025-8863
YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission...
CVE-2025-8862
YugabyteDB collects diagnostics from its servers, and these may include sensitive gflag configurations. In affected versions this information is not properly redacted before it is sent, leading to potential exposure of those values. The connected documents consistently state the mitigatio...
PT-2025-32542 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB, affected versions not specified. Description: YugabyteDB has been collecting diagnostics information from YugabyteDB servers, which may include sensitive gflag configurations. Recommendations: Upgrade the database to a version where...
YugabyteDB log information disclosure vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB that stems from SAS tokens not being masked in the configuration response. This leads to an information disclosure vulnerability...
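Three of the entries above (CVE-2026-1966, CVE-2025-8862 / PT-2025-32542, and the SAS-token disclosure) share one root cause: configuration values that are in fact credentials are rendered in a UI, returned in a configuration response, or bundled into diagnostics without being masked. The following is an added example of a redaction pass over gflag-style settings, written for this page; it is not YugabyteDB's or Yugabyte's own code. The sensitive-key patterns, the sample flag names and the sample values are assumptions constructed for the example.

```python
import re
from typing import Any

REDACTED = "<redacted>"

# Key names that indicate a credential. This list is an assumption for the
# example, not the project's own redaction policy; in a real deployment it
# should be reviewed alongside the flag definitions, since a flag that is
# missed here ends up on the page or in the bundle in cleartext.
SENSITIVE_KEY_RE = re.compile(
    r"(password|passwd|secret|token|api[_-]?key|private[_-]?key|credential"
    r"|(?<![a-z])sas(?![a-z]))",
    re.IGNORECASE,
)

# Azure SAS URLs carry the signature in the query string as "sig=...". A value
# whose key looks harmless (e.g. a backup location) can still embed one, so
# values are inspected as well as keys.
SAS_URL_RE = re.compile(r"[?&]sig=", re.IGNORECASE)


def redact_value(key: str, value: Any) -> Any:
    """Return a copy of `value` with secrets masked, recursing into containers."""
    if isinstance(value, dict):
        return redact_gflags(value)
    if isinstance(value, list):
        return [redact_value(key, item) for item in value]
    if not isinstance(value, str):
        return value
    if SENSITIVE_KEY_RE.search(key):
        return REDACTED
    if SAS_URL_RE.search(value):
        # keep the resource path (still useful for diagnostics) but drop the
        # whole query string so that no SAS parameter survives
        return value.split("?", 1)[0] + "?" + REDACTED
    return value


def redact_gflags(flags: dict) -> dict:
    """Redact a mapping of flag name -> value, e.g. what a config view renders."""
    return {key: redact_value(key, val) for key, val in flags.items()}


def redact_flag_args(args: list) -> list:
    """Redact command-line style flags ("--name=value") as they appear in a
    process listing or a diagnostics bundle. Flags without '=' pass through."""
    out = []
    for arg in args:
        name, sep, val = arg.partition("=")
        if not sep:
            out.append(arg)
            continue
        out.append(f"{name}={redact_value(name.lstrip('-'), val)}")
    return out


if __name__ == "__main__":
    # constructed sample: flag names and values are assumptions for the example
    sample = {
        "ycql_ldap_bind_passwd": "hunter2",
        "fs_data_dirs": "/mnt/d0",
        "backup_location": "https://acct.blob.core.windows.net/backups?sv=2020-08-04&sig=abc123",
    }
    print(redact_gflags(sample))
```

The pass is applied to a copy, never in place, so the live configuration the server runs with is unaffected; only the representation handed to the UI, the API response or the diagnostics collector is masked. Matching on values as well as keys is what catches the SAS case, where the key name gives no hint that the value is a credential.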
YugabyteDB security vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. A security vulnerability exists in YugabyteDB version v2.21.1.0, which stems from a buffer overflow issue in the insert into parameter...
YugabyteDB Information Disclosure Vulnerability
YugabyteDB is a high-performance transactional distributed SQL database for cloud-native applications from Yugabyte USA. An information disclosure vulnerability exists in YugabyteDB. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor...
PT-2023-16497 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere, versions 2.0.0.0 through 2.13.0.0. Description: The High Availability functionality of Yugabyte Anywhere can be exploited to write arbitrary files through the backup upload endpoint by using path traversal characters. This...
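PT-2023-16497 describes the usual shape of an upload traversal: a client-supplied file name is joined onto the server's backup directory and the result is written without checking where it landed. The following is an added example, not Yugabyte's own upload handler, showing the naive join beside a hardened version; the root directory and file names are constructed for the example.

```python
import os


class UnsafePath(ValueError):
    """Raised when a client-supplied file name would escape the upload root."""


def destination_vulnerable(backup_root: str, client_name: str) -> str:
    """The naive handler: trust the client-supplied name.
    Two classic traversal forms get through: '../' segments, which normpath
    collapses into a path outside the root, and an absolute name, which
    os.path.join silently substitutes for the root."""
    return os.path.normpath(os.path.join(backup_root, client_name))


def destination_safe(backup_root: str, client_name: str) -> str:
    """Accept only a bare file name and prove the result stays in the root."""
    root = os.path.abspath(backup_root)

    if not client_name or "\x00" in client_name:
        raise UnsafePath("empty name or embedded NUL")
    # A file name never contains a separator. Reject rather than strip:
    # stripping is how filters get bypassed ('..\\' -> '..', '....//' -> '../').
    if "/" in client_name or "\\" in client_name:
        raise UnsafePath(f"separator in file name: {client_name!r}")
    if client_name in (".", ".."):
        raise UnsafePath("dot segment as file name")

    dest = os.path.abspath(os.path.join(root, client_name))
    # Defence in depth: independent of the checks above, require that the
    # resolved destination is a direct child of the root.
    if os.path.dirname(dest) != root:
        raise UnsafePath(f"{dest} is not inside {root}")
    return dest


def is_rejected(backup_root: str, client_name: str) -> bool:
    """Helper for exercising destination_safe without raising."""
    try:
        destination_safe(backup_root, client_name)
        return False
    except UnsafePath:
        return True


if __name__ == "__main__":
    # constructed sample inputs
    print(destination_vulnerable("/var/backups", "../../etc/cron.d/evil"))
    print(destination_vulnerable("/var/backups", "/etc/passwd"))
    print(destination_safe("/var/backups", "universe-2024-01-01.tgz"))
```

The containment check at the end is deliberately kept even though the separator check already makes it unreachable: the two checks fail independently, so a future relaxation of the name filter (for example, allowing sub-directories) does not silently reopen the traversal.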
PT-2023-16376 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: Yugabyte DB, versions prior to 2.2.0.0. Description: The issue is related to External Control of Critical State Data and Improper Control of Generation of Code, also known as 'Code Injection' vulnerability. This vulnerability affects YugaByte,...
CVE-2022-37397
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...
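CVE-2022-37397 is the LDAP "unauthenticated bind" trap: per RFC 4513, a simple bind that supplies a DN but an empty password is not a failed authentication but an unauthenticated bind, which Active Directory accepts by default and which grants only anonymous authorization. An application that treats "the bind did not fail" as "the user is authenticated" therefore lets anyone in with an empty password. The following is an added example, not YugabyteDB's own YCQL authentication code; the fake directory, DN template, user names and passwords are constructed for the example.

```python
from dataclasses import dataclass


class InvalidCredentials(Exception):
    pass


@dataclass
class FakeDirectory:
    """Stand-in for an LDAP server such as Active Directory (constructed for
    this example). It models the RFC 4513 simple-bind rule that matters here:
    a DN with an empty password is an *unauthenticated* bind, which AD permits
    by default; it does not fail, it yields anonymous authorization."""
    users: dict                          # DN -> password, constructed sample data
    allow_unauthenticated_bind: bool = True

    def simple_bind(self, dn: str, password: str) -> str:
        if password == "":
            if self.allow_unauthenticated_bind:
                return "anonymous"
            raise InvalidCredentials("unauthenticated bind disabled on server")
        if self.users.get(dn) == password:
            return "authenticated"
        raise InvalidCredentials("invalid credentials")


def user_dn(username: str) -> str:
    # DN template is an assumption for the example
    return f"CN={username},OU=Users,DC=example,DC=com"


def login_vulnerable(directory: FakeDirectory, username: str, password: str) -> bool:
    """Treats any bind that does not raise as a successful login.
    Against AD defaults an empty password therefore logs the user in."""
    try:
        directory.simple_bind(user_dn(username), password)
        return True
    except InvalidCredentials:
        return False


def login_fixed(directory: FakeDirectory, username: str, password: str) -> bool:
    """Never sends an empty password to the server, and requires that the bind
    actually authenticated rather than merely not failing."""
    if not password:
        return False
    try:
        return directory.simple_bind(user_dn(username), password) == "authenticated"
    except InvalidCredentials:
        return False


if __name__ == "__main__":
    directory = FakeDirectory(users={user_dn("alice"): "correct horse"})
    print("vulnerable, empty password:", login_vulnerable(directory, "alice", ""))
    print("fixed, empty password:     ", login_fixed(directory, "alice", ""))
    print("fixed, right password:     ", login_fixed(directory, "alice", "correct horse"))
```

Both halves of the fix matter. Rejecting the empty password client-side closes the bypass regardless of how the directory is configured; checking the bind result (rather than only catching the error) protects against other bind outcomes that are not failures, and against a server that is later reconfigured. Disabling unauthenticated binds on the directory (the `allow_unauthenticated_bind` flag in the model) is the complementary server-side control, but an application should not depend on it.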