Skip to main content

Liman MYS EUVDEUVD-2026-42035

| CVE-2026-13696 HIGH
LDAP Injection (CWE-90)
2026-07-07 iletisim@usom.gov.tr GHSA-44vj-xc6r-j6m3
8.8
CVSS 3.1 · Vendor: usom
Share

Severity by source

Vendor (usom) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Network-reachable and low-complexity but requires a valid low-privilege account (PR:L); LDAP injection strongly enables data disclosure and authorization tampering (C:H/I:H), while availability impact is uncertain and rated conservatively (A:L).

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (usom).

CVSS VectorVendor: usom

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 12:32 vuln.today

DescriptionCVE.org

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.

This issue affects Liman MYS: before release.Master.1107.

AnalysisAI

Privilege-escalation-capable LDAP injection in HAVELSAN Liman MYS (all releases before Master.1107) lets an authenticated attacker inject unsanitized special characters into LDAP queries, subverting directory-backed authentication and authorization logic. Because Liman is typically wired into corporate LDAP/Active Directory for login, a successful injection can expose directory data, bypass access controls, and manipulate query results. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege Liman account
Delivery
Submit LDAP metacharacters in input field
Exploit
Rewrite intended LDAP filter
Execution
Bypass directory authorization
Impact
Disclose or alter directory data

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session on Liman MYS (CVSS PR:L), so the attacker must already hold or obtain valid low-privilege credentials, and the deployment must have Liman integrated with an LDAP/Active Directory backend such that user input reaches an LDAP query - the precise vulnerable input field is not detailed in the advisory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 8.8) describes a network-reachable, low-complexity attack that requires only low privileges and no user interaction, with high impact to confidentiality, integrity, and availability - a genuinely serious profile for an authenticated user. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds a low-privilege Liman MYS account (or phishes one) submits crafted input into a field that feeds an LDAP search - such as a username or search filter - inserting metacharacters that rewrite the query into an always-true or wildcard match. The manipulated filter returns directory entries or authorization results the attacker should not have, enabling data disclosure or an authorization bypass. …
Remediation Upgrade Liman MYS to release Master.1107 or later, which is the first fixed release per the vendor advisory (vendor-released patch: Master.1107); consult the USOM bulletin at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504 for exact upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all HAVELSAN Liman MYS deployments to identify versions and LDAP/AD integration scope; restrict Liman administrative console access to essential personnel and enable comprehensive logging of all LDAP queries and authentication events. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in LDAP

View all
CVE-2016-9299 CRITICAL POC
9.8 Jan 12

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a

CVE-2017-14596 CRITICAL POC
9.8 Sep 20

In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,

CVE-2017-8790 CRITICAL POC
9.8 May 05

An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-28853 MEDIUM POC
6.5 Apr 04

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut

CVE-2020-36966 MEDIUM POC
6.4 Jan 30

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows at

CVE-2025-36556 MEDIUM POC
6.1 Jan 20

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6

CVE-2026-23906 CRITICAL
9.8 Feb 10

Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p

CVE-2026-44930 CRITICAL
9.8 May 22

Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90)

CVE-2024-33868 CRITICAL
9.8 May 14

An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re

CVE-2023-6905 CRITICAL
9.8 Dec 18

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&i

CVE-2021-43350 CRITICAL
9.8 Nov 11

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the P

CVE-2026-21880 MEDIUM POC
5.3 Jan 08

Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP au

Share

EUVD-2026-42035 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy