Description
A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."
Published: 2026-06-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in lemonldap‑ng versions up to 2.23.0, specifically in the CDC.pm library used by the SAML Common Domain Cookie Endpoint. By manipulating the "url" argument, an attacker can cause the application to redirect the user to an arbitrary external site. This flaw is classified as CWE‑601 and can be triggered remotely by sending a crafted HTTP request. The vendor has fixed the issue in lemonldap‑ng 2.23.1; currently CDC is rarely used, so the overall impact is considered low.

Affected Systems

The affected product is lemonldap‑ng, a single sign‑on solution for web applications. Versions affected include all releases up to and including 2.23.0. No specific minor or patch versions are listed beyond this range.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate impact, and the EPSS score is not available, meaning current estimated exploit probability is unknown. The vulnerability is publicly available but has already been fixed in lemonldap‑ng 2.23.1; however, because CDC is rarely used, the overall impact is considered low. Attackers could still exploit it remotely by sending a crafted HTTP request that manipulates the "url" parameter, resulting in a redirection to an external domain. The flaw is not listed in CISA KEV.

Generated by OpenCVE AI on June 22, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade lemonldap‑ng to a newer release that addresses the open redirect flaw.
  • If upgrading is not immediately possible, modify CDC.pm or the application configuration to enforce strict validation of the "url" argument, restricting redirects to an internal whitelist of domains.
  • Deploy a web application firewall or similar rule set to detect and block requests that supply external URLs in the "url" parameter, preventing the redirect from occurring.

Generated by OpenCVE AI on June 22, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}


Mon, 22 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 22 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect
First Time appeared Lemonldap-ng
Lemonldap-ng lemonldap-ng
Weaknesses CWE-601
CPEs cpe:2.3:a:lemonldap-ng:lemonldap-ng:*:*:*:*:*:*:*:*
Vendors & Products Lemonldap-ng
Lemonldap-ng lemonldap-ng
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Lemonldap-ng Lemonldap-ng
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T15:52:04.231Z

Reserved: 2026-06-21T04:09:21.573Z

Link: CVE-2026-12804

cve-icon Vulnrichment

Updated: 2026-06-22T10:28:02.187Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-21T18:30:07Z

Links: CVE-2026-12804 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-22T18:30:15Z

Weaknesses
  • CWE-601

    URL Redirection to Untrusted Site ('Open Redirect')