PT-2026-38300 · Lemur · Lemur

Published: 2026-05-06 · Updated: 2026-05-14 · CVE-2026-44304

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Lemur versions prior to 1.9.0
Description: The LDAP authentication module (lemur/auth/ldap.py) builds LDAP search filters by interpolating unsanitized user input into a Python format string. An authenticated LDAP user can place LDAP filter metacharacters in the username field sent to the '/auth/login' endpoint and thereby change the structure of the group-membership query that Lemur issues. Because the roles Lemur assigns at login depend on the result of that query, the attacker can escalate to administrator and gain unauthorized access to all certificates, to private keys via the '/certificates//key' endpoint and to CA configurations, as well as the ability to issue certificates under any authority. The flaw lies in the bind() function.
Recommendations: Update to version 1.9.0. As a temporary workaround, restrict access to the LDAP authentication module or the '/auth/login' endpoint to trusted users only; note that this only narrows who can reach the vulnerable code and does not remove the injection itself.
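To make the mechanism in the description concrete, the following is an added example, not code from Lemur and not the project's real filter template: a Python sketch of a login-time group lookup that interpolates the username straight into an LDAP search filter, beside the hardened version that escapes the value per RFC 4515 first. A small in-memory filter evaluator stands in for the directory server so the effect of the injected filter is visible offline. The template, the directory contents, the group DNs, the payload and every function name here are constructed for the demo.

```python
"""LDAP filter injection through string interpolation, beside the RFC 4515
escaping that neutralises it. Added example, not Lemur's code: the filter
template, in-memory directory, group DNs and function names are constructed."""
import re

# Assumed template: fetch the authenticated user's entry to read its groups.
USER_FILTER_TEMPLATE = "(&(objectClass=person)(uid=%s))"
ADMIN_GROUP = "cn=lemur_admins,ou=groups,dc=example,dc=com"

# Constructed in-memory directory standing in for the LDAP server.
DIRECTORY = [
    {"uid": ["alice"], "objectclass": ["person"], "memberof": [ADMIN_GROUP]},
    {"uid": ["bob"], "objectclass": ["person"],
     "memberof": ["cn=lemur_users,ou=groups,dc=example,dc=com"]},
]

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_chars(value):
    """Escape a user-supplied value so it can only ever be matched literally.

    Hand-rolled so the example runs offline; python-ldap ships the same logic as
    ldap.filter.escape_filter_chars, ldap3 as ldap3.utils.conv.escape_filter_chars.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def _parse(f, i):
    """Recursive-descent parser for the (&...), (|...) and (attr=value) subset."""
    if i >= len(f) or f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if i < len(f) and f[i] in "&|":
        op, i, children = f[i], i + 1, []
        while i < len(f) and f[i] == "(":
            child, i = _parse(f, i)
            children.append(child)
        if i >= len(f) or f[i] != ")":
            raise ValueError("unterminated '%s' list at offset %d" % (op, i))
        return (op, children), i + 1
    end = f.find(")", i)  # a value never holds a raw ')': it must be escaped as \29
    if end == -1 or "=" not in f[i:end]:
        raise ValueError("malformed assertion at offset %d" % i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def _value_regex(pattern):
    """Assertion value to regex: a raw '*' is a wildcard, \\XX escapes are literals."""
    def unescape(piece):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)
    return re.compile(".*".join(re.escape(unescape(p)) for p in pattern.split("*")),
                      re.IGNORECASE)

def _match(node, entry):
    if node[0] == "&":
        return all(_match(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_match(c, entry) for c in node[1])
    _, attr, pattern = node
    regex = _value_regex(pattern)
    return any(regex.fullmatch(v) for v in entry.get(attr, []))

def search(ldap_filter):
    """Evaluate a filter against DIRECTORY the way a server would; malformed
    filters (unbalanced parentheses, trailing data) are rejected outright."""
    node, end = _parse(ldap_filter, 0)
    if end != len(ldap_filter):
        raise ValueError("trailing data after filter")
    return [e for e in DIRECTORY if _match(node, e)]

def is_rejected(ldap_filter):
    """True when the directory would refuse the filter as malformed."""
    try:
        search(ldap_filter)
    except ValueError:
        return True
    return False

def group_lookup(username, harden):
    """Groups of the entry the directory returns for `username`.

    harden=False is the vulnerable pattern (raw interpolation); harden=True
    escapes the value first, so the filter keeps the template's structure.
    """
    value = escape_filter_chars(username) if harden else username
    results = search(USER_FILTER_TEMPLATE % value)
    # The application trusts that the entry handed back belongs to whoever logged in.
    return set(results[0]["memberof"]) if results else set()

if __name__ == "__main__":
    # Constructed payload: ends the uid assertion early and adds a sibling
    # assertion, so the AND now selects whichever entry is in the admin group.
    payload = "*)(memberOf=" + ADMIN_GROUP
    print(USER_FILTER_TEMPLATE % payload)
    print("vulnerable:", group_lookup(payload, harden=False))
    print("hardened:  ", group_lookup(payload, harden=True))
```

Two points the demo brings out. First, the payload is parenthesis-balanced, so the server accepts it; it does not break the query, it adds an assertion to it, which is exactly the kind of change that redirects a "which groups is this user in" lookup onto an administrator's entry. Second, escaping alone keeps the template's shape, but a defence-in-depth check is still worth adding: after the search, verify that the entry returned actually carries the uid that authenticated, rather than trusting whatever the directory handed back. With python-ldap, `ldap.filter.filter_format(template, [username])` fills `%s` placeholders with the escaping already applied, which avoids having to remember to call `escape_filter_chars` at every interpolation site.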

Exploit

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2026-44304
GHSA-3R34-VQ8M-39GH

Affected Products

Lemur