
Apache Shiro

1 CVEs product


CVE-2026-49268 HIGH This Week

LDAP injection in Apache Shiro's DefaultLdapRealm allows remote unauthenticated attackers to manipulate Distinguished Name construction during LDAP bind authentication, potentially bypassing authentication or impersonating other users. The flaw affects all versions through 2.2.0 and 3.0.0-alpha-1 when DefaultLdapRealm is in use, with no public exploit identified at time of analysis. The CVSS 4.0 score of 8.8 reflects high integrity impact against an authentication-critical component.

Tags: LDAP, Apache, Code Injection, Authentication Bypass, Apache Shiro
NVD
CVSS 4.0: 8.8
