Home / Vulnerability Intelligence / CVE-2026-44304

CVE-2026-44304 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: May 12, 2026

Lemur - LDAP Injection

Published: May 12, 2026Updated: May 12, 2026Remote Exploitable

Overview

Lemur < 1.9.0 contains an LDAP injection caused by unsanitized user input in LDAP search filters in lemur/auth/ldap.py, letting authenticated LDAP users escalate privileges to administrator by injecting LDAP filter metacharacters.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Authenticated LDAP users can escalate their privileges to administrator, compromising system security.

Mitigation

Upgrade to version 1.9.0 or later.

References

https://github.com/Netflix/lemur/security/advisories/GHSA-3r34-vq8m-39gh

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-44304
Severity: High
CVSS Score: 8.1
Type: ldap_injection
Status: new

CWE

CWE-90

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N