CVE-2026-12804

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N                                    

Vulnerability Description

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability Details

Published Date

June 21, 2026

Last Modified

June 21, 2026

CWE ID

CWE-601

Source

NVD

Product

lemonldap-ng

External References

https://vuldb.com/cve/CVE-2026-12804
https://vuldb.com/submit/836105
https://vuldb.com/vuln/372598
https://vuldb.com/vuln/372598/cti

CVE-2026-12804

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment