CVE-2026-1966

Low CVSS: 2.4

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.

Vendor

Product

CWE

CWE-522

Yayın Tarihi

2026-02-05 12:16:01

Güncelleme

2026-02-05 14:57:20

Source Identifier

security@yugabyte.com

KEV Date Added

Kategoriler

CWE-522 LOW 2026

Referanslar

https://docs.yugabyte.com/stable/secure/vulnerability-disclosure-policy/