CVE Catalog

CVE-2026-11748

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

30th percentile — higher than 30% of all known CVEs

Summary

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters.

Risk Assessment

An unauthenticated attacker can manipulate the filter, leading to authentication confusion and allowing enumeration of the directory structure.

Recommendation

It is recommended to upgrade to version 0.84.0 or later to mitigate this vulnerability.

Original NVD description (English source)

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS