NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-11748

Summary	A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.
Publication Date	June 22, 2026, 12:16 p.m.
Registration Date	June 27, 2026, 4:08 a.m.
Last Update	June 23, 2026, 5:21 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75	dl_cve@linecorp.com
2	https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-90	LDAP インジェクション	https://cwe.mitre.org/data/definitions/90.html