CVE-2026-44305

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,8

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all authentication credentials. This vulnerability is fixed in 1.9.0.

295

Improper Certificate Validation

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Authentication

Potential Impacts:

Bypass Protection Mechanism Gain Privileges Or Assume Identity

Applicable Platforms

Technologies: Mobile, Not Technology-Specific, Web Based

View CWE Details

https://github.com/Netflix/lemur/security/advisories/GHSA-v…

https://github.com/Netflix/lemur/security/advisories/GHSA-vr7c-r5gj-j3w5

CVE-2026-44305

Description

Improper Certificate Validation

Common Consequences

Applicable Platforms

Iscriviti alla newsletter