CVE-2026-11748

Vulnerability Description

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.

Vulnerability Details

Published Date

June 22, 2026

Last Modified

June 22, 2026

Source

NVD

Vendor

LY Corporation

Product

Central Dogma

External References

https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment