CVE-2026-44304 | Netflix lemur up to 1.8.x lemur/auth/ldap.py Username ldap injection (GHSA-3r34-vq8m-39gh)

Inserito da Angelo Barbosa | Mag 13, 2026 | CVE

A vulnerability classified as critical was found in Netflix lemur up to 1.8.x. This affects an unknown function of the file lemur/auth/ldap.py. The manipulation of the argument Username results in ldap injection.

This vulnerability is identified as CVE-2026-44304. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-44304 | Netflix lemur up to 1.8.x lemur/auth/ldap.py Username ldap injection (GHSA-3r34-vq8m-39gh)

Post correlati

CVE-2025-0393 | Royal Elementor Addons and Templates up to 1.7.1006 on WordPress cross-site request forgery

CVE-2023-50470 | SeaCMS 12.8 admin_video.php action cross site scripting

CVE-2024-44449 | Quorum onQ OS 6.0.0.5.2064 Login msg cross site scripting

CVE-2024-4945 | SourceCodester Best Courier Management System 1.0 view_parcel.php id unrestricted upload