Description
A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.
Published: 2026-06-22
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the LDAP search filter handling of the SearchFirstActiveDirectoryRealm in centraldogma-server-auth-shiro allows an unauthenticated attacker to inject LDAP filter metacharacters. The injection bypasses neutralization and can be used to trigger authentication confusion while exposing the directory structure. The vulnerability does not directly grant arbitrary code execution, but it enables an attacker to disclose directory contents and potentially influence authentication outcomes.

Affected Systems

The affected product is LY Corporation Central Dogma, specifically the centraldogma-server-auth-shiro component in versions prior to 0.84.0. Any instance of Central Dogma using these versions is susceptible to the LDAP injection and the resulting enumeration capabilities.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, and no EPSS entry or KEV listing is available at this time, suggesting low current exploit activity. The attack vector is inferred to be network-based, targeting unauthenticated users that can reach the LDAP authentication endpoint. In practice, an attacker only needs to craft a malicious LDAP query through the authentication interface to exploit the filter injection.

Generated by OpenCVE AI on June 22, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Central Dogma to version 0.84.0 or later, which implements proper LDAP filter sanitization.
  • If an upgrade is not immediately possible, disable or remove the SearchFirstActiveDirectoryRealm configuration to prevent unauthenticated LDAP queries.
  • Apply network segmentation or firewall rules to block unauthenticated traffic to the LDAP authentication endpoint until a patch or configuration change can be applied.

Generated by OpenCVE AI on June 22, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title LDAP Injection in SearchFirstActiveDirectoryRealm Allows Directory Enumeration
Weaknesses CWE-90

Mon, 22 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: LY-Corporation

Published:

Updated: 2026-06-22T02:37:35.370Z

Reserved: 2026-06-09T06:50:03.618Z

Link: CVE-2026-11748

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T04:30:16Z

Weaknesses
  • CWE-90

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')