PT-2026-6551 · Yugabyte · Yugabytedb Anywhere
Published
2026-02-05
·
Updated
2026-02-05
·
CVE-2026-1966
CVSS v4.0
2.4
Low
| Vector | AV:P/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
YugabyteDB Anywhere (affected versions not specified)
Description
YugabyteDB Anywhere reveals LDAP bind passwords in plain text within its web user interface. An authenticated user who can access the configuration view may be able to obtain these credentials, which could lead to unauthorized access to external directory services.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yugabytedb Anywhere