216.73.216.86

CVE-2026-44305

· Published 12/05/2026 22:16 · Modified 13/05/2026 17:24

Labels: CVE-2026-44305 2026-05-12CVE-2026-44305CWE-295[email protected]

Essential information

Published
12/05/2026 22:16
Modified
13/05/2026 17:24
Author
Creator
CVSS
6.8 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the LDAP server to intercept all authentication credentials. This vulnerability is fixed in 1.9.0.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lemur / lemur cpe:2.3:a:lemur:lemur:<1.9.0:*:*:*:*:*:*:*

References