CVE-2026-49268

CRITICAL CVSS 9.1 other

The flaw

A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in the DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 s

What to do

Review advisory and patch per vendor guidance.
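
An added illustration of the flaw class described above, not the vendor's code or patch: a username is substituted into a DN template with and without escaping, and the result is checked structurally. The template, the `{0}` placeholder, the sample usernames and every name in the block are constructed assumptions; `Rdn.escapeValue` and `LdapName` are standard JDK classes.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnTemplateDemo {
    // Constructed template (assumption); "{0}" marks where the username goes.
    static final String TEMPLATE = "uid={0},ou=users,dc=example,dc=com";

    // Unescaped substitution: the pattern the flaw description refers to.
    static String buildUnescaped(String username) {
        return TEMPLATE.replace("{0}", username);
    }

    // Escaped substitution: DN special characters in the value are
    // backslash-escaped, so the value cannot add or split RDNs.
    static String buildEscaped(String username) {
        return TEMPLATE.replace("{0}", Rdn.escapeValue(username));
    }

    // Structural check: the DN must parse, keep the template's RDN count,
    // and its leftmost RDN must be single-valued and equal to the username.
    static boolean matchesTemplate(String dn, String username) {
        try {
            int expected = new LdapName(TEMPLATE.replace("{0}", "x")).size();
            LdapName name = new LdapName(dn);
            if (name.size() != expected) return false;
            Rdn leftmost = name.getRdn(name.size() - 1); // index 0 is the rightmost RDN
            return leftmost.size() == 1 && username.equals(leftmost.getValue());
        } catch (InvalidNameException e) {
            return false; // malformed DN: reject
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one plain, two containing DN metacharacters.
        String[] samples = { "alice", "alice,ou=admins", "smith+cn=x" };
        for (String u : samples) {
            String raw = buildUnescaped(u);
            String esc = buildEscaped(u);
            System.out.printf("%-16s raw: %-48s ok=%b%n", u, raw, matchesTemplate(raw, u));
            System.out.printf("%-16s esc: %-48s ok=%b%n", u, esc, matchesTemplate(esc, u));
        }
    }
}
```

The structural check is useful as a regression test around any DN-building code: it fails for unescaped input that changes the DN's shape and passes once the value is escaped.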

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest