Vulnerability-Lookup

CVE-2026-23906 (GCVE-0-2026-23906)

Vulnerability from cvelistv5 – Published: 2026-02-10 09:28 – Updated: 2026-02-12 04:45

Title

Apache Druid: Authentication Bypass via LDAP Anonymous Bind

Summary

Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured * Underlying LDAP server permits anonymous bind Vulnerability Description An authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous binds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials. The vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. Impact A remote, unauthenticated attacker can: * Gain unauthorized access to the Apache Druid cluster * Access sensitive data stored in Druid datasources * Execute queries and potentially manipulate data * Access administrative interfaces if the bypassed account has elevated privileges * Completely compromise the confidentiality, integrity, and availability of the Druid deployment Mitigation Immediate Mitigation (No Druid Upgrade Required): * Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action. Resolution * Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-287 - Improper Authentication

Assigner

apache

References

2 references

URL	Tags
https://lists.apache.org/thread/2x9rv3kv6t1p577lv…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/02/09/5

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Druid	Affected: 0.17.0 , < 36.0.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-23906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T15:40:50.988837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T15:42:54.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-12T04:45:28.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/09/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "org.apache.druid.extensions:druid-basic-security",
          "product": "Apache Druid",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "36.0.0",
              "status": "affected",
              "version": "0.17.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cb\u003eAffected Products and Versions\u003c/b\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eApache Druid\u003c/li\u003e\u003cli\u003eAffected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\u003c/li\u003e\u003cli\u003ePrerequisites:\u003cul\u003e\u003cli\u003edruid-basic-security extension enabled\u003c/li\u003e\u003cli\u003eLDAP authenticator configured\u003c/li\u003e\u003cli\u003eUnderlying LDAP server permits anonymous bind\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eVulnerability Description\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\u003cbr\u003ebinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\u003cbr\u003e\u003cbr\u003eThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \u003cbr\u003e\u003cbr\u003e\u003cb\u003eImpact\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eA remote, unauthenticated attacker can:\u003cbr\u003e\u003cul\u003e\u003cli\u003eGain unauthorized access to the Apache Druid cluster\u003c/li\u003e\u003cli\u003eAccess sensitive data stored in Druid datasources\u003c/li\u003e\u003cli\u003eExecute queries and potentially manipulate data\u003c/li\u003e\u003cli\u003eAccess administrative interfaces if the bypassed account has elevated privileges\u003c/li\u003e\u003cli\u003eCompletely compromise the confidentiality, integrity, and availability of the Druid deployment\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cb\u003eMitigation\u003c/b\u003e\u003cbr\u003e\u0026nbsp;\u003cbr\u003eImmediate Mitigation (No Druid Upgrade Required):  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u003cul\u003e\u003cli\u003eDisable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eResolution\u003cbr\u003e\u003c/b\u003e\u003cul\u003e\u003cli\u003eUpgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Affected Products and Versions\n  *  Apache Druid\n  *  Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\n  *  Prerequisites:  *  druid-basic-security extension enabled\n  *  LDAP authenticator configured\n  *  Underlying LDAP server permits anonymous bind\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\n\n\n\n\n\nVulnerability Description\n\nAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\nbinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\n\nThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \n\nImpact\n\nA remote, unauthenticated attacker can:\n  *  Gain unauthorized access to the Apache Druid cluster\n  *  Access sensitive data stored in Druid datasources\n  *  Execute queries and potentially manipulate data\n  *  Access administrative interfaces if the bypassed account has elevated privileges\n  *  Completely compromise the confidentiality, integrity, and availability of the Druid deployment\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\n\n\nMitigation\n\u00a0\nImmediate Mitigation (No Druid Upgrade Required):  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \n  *  Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\n\n\n\nResolution\n  *  Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T09:28:09.007Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Apache Druid: Authentication Bypass via LDAP Anonymous Bind",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-23906",
    "datePublished": "2026-02-10T09:28:09.007Z",
    "dateReserved": "2026-01-19T08:57:10.063Z",
    "dateUpdated": "2026-02-12T04:45:28.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-23906",
      "date": "2026-06-27",
      "epss": "0.01034",
      "percentile": "0.59533"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23906\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-02-10T10:15:59.427\",\"lastModified\":\"2026-06-17T10:22:17.367\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Affected Products and Versions\\n  *  Apache Druid\\n  *  Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\\n  *  Prerequisites:  *  druid-basic-security extension enabled\\n  *  LDAP authenticator configured\\n  *  Underlying LDAP server permits anonymous bind\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\\n\\n\\n\\n\\n\\n\\nVulnerability Description\\n\\nAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\\nbinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\\n\\nThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \\n\\nImpact\\n\\nA remote, unauthenticated attacker can:\\n  *  Gain unauthorized access to the Apache Druid cluster\\n  *  Access sensitive data stored in Druid datasources\\n  *  Execute queries and potentially manipulate data\\n  *  Access administrative interfaces if the bypassed account has elevated privileges\\n  *  Completely compromise the confidentiality, integrity, and availability of the Druid deployment\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\\n\\n\\nMitigation\\n\u00a0\\nImmediate Mitigation (No Druid Upgrade Required):  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \\n  *  Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\\n\\n\\n\\nResolution\\n  *  Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.\"},{\"lang\":\"es\",\"value\":\"Productos y Versiones Afectados\\n  *  Apache Druid\\n  *  Versiones Afectadas: 0.17.0 hasta 35.x (todas las versiones anteriores a 36.0.0)\\n  *  Prerrequisitos:\\n  *  extensi\u00f3n druid-basic-security habilitada\\n  *  autenticador LDAP configurado\\n  *  El servidor LDAP subyacente permite el enlace an\u00f3nimo\\n\\nDescripci\u00f3n de la vulnerabilidad\\n\\nExiste una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Apache Druid al usar la extensi\u00f3n druid-basic-security con autenticaci\u00f3n LDAP. Si el servidor LDAP subyacente est\u00e1 configurado para permitir enlaces an\u00f3nimos, un atacante puede omitir la autenticaci\u00f3n proporcionando un nombre de usuario existente con una contrase\u00f1a vac\u00eda. Esto permite el acceso no autorizado a recursos de Druid que de otro modo estar\u00edan restringidos sin credenciales v\u00e1lidas.\\n\\nLa vulnerabilidad se deriva de una validaci\u00f3n incorrecta de las respuestas de autenticaci\u00f3n LDAP cuando se permiten los enlaces an\u00f3nimos, tratando efectivamente el \u00e9xito del enlace an\u00f3nimo como una autenticaci\u00f3n de usuario v\u00e1lida.\\n\\nImpacto\\n\\nUn atacante remoto no autenticado puede:\\n  *  Obtener acceso no autorizado al cl\u00faster de Apache Druid\\n  *  Acceder a datos sensibles almacenados en las fuentes de datos de Druid\\n  *  Ejecutar consultas y potencialmente manipular datos\\n  *  Acceder a interfaces administrativas si la cuenta omitida tiene privilegios elevados\\n  *  Comprometer completamente la confidencialidad, integridad y disponibilidad de la implementaci\u00f3n de Druid\\n\\nMitigaci\u00f3n\\n\\nMitigaci\u00f3n Inmediata (No se requiere actualizaci\u00f3n de Druid):\\n  *  Deshabilite el enlace an\u00f3nimo en su servidor LDAP. Esto evita que la vulnerabilidad sea explotable y es la acci\u00f3n inmediata recomendada.\\n\\nResoluci\u00f3n\\n  *  Actualice Apache Druid a la versi\u00f3n 36.0.0 o posterior, que incluye correcciones para rechazar correctamente los intentos de enlace an\u00f3nimo de LDAP.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Druid\",\"defaultStatus\":\"unaffected\",\"packageName\":\"org.apache.druid.extensions:druid-basic-security\",\"versions\":[{\"version\":\"0.17.0\",\"lessThan\":\"36.0.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-10T15:40:50.988837Z\",\"id\":\"CVE-2026-23906\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.17.0\",\"versionEndExcluding\":\"36.0.0\",\"matchCriteriaId\":\"1EAD572D-067D-4CCC-9C8E-B4439C08B80D\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/09/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/09/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-12T04:45:28.979Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-23906\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-10T15:40:50.988837Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-10T15:40:21.383Z\"}}], \"cna\": {\"title\": \"Apache Druid: Authentication Bypass via LDAP Anonymous Bind\", \"source\": {\"discovery\": \"INTERNAL\"}, \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Druid\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.17.0\", \"lessThan\": \"36.0.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.druid.extensions:druid-basic-security\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Affected Products and Versions\\n  *  Apache Druid\\n  *  Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\\n  *  Prerequisites:  *  druid-basic-security extension enabled\\n  *  LDAP authenticator configured\\n  *  Underlying LDAP server permits anonymous bind\\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\n\\n\\n\\n\\n\\n\\nVulnerability Description\\n\\nAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\\nbinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\\n\\nThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \\n\\nImpact\\n\\nA remote, unauthenticated attacker can:\\n  *  Gain unauthorized access to the Apache Druid cluster\\n  *  Access sensitive data stored in Druid datasources\\n  *  Execute queries and potentially manipulate data\\n  *  Access administrative interfaces if the bypassed account has elevated privileges\\n  *  Completely compromise the confidentiality, integrity, and availability of the Druid deployment\\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\u00a0\\n\\n\\nMitigation\\n\\u00a0\\nImmediate Mitigation (No Druid Upgrade Required):  \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\n  *  Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\\n\\n\\n\\nResolution\\n  *  Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cb\u003eAffected Products and Versions\u003c/b\u003e\u003cbr\u003e\u003cul\u003e\u003cli\u003eApache Druid\u003c/li\u003e\u003cli\u003eAffected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\u003c/li\u003e\u003cli\u003ePrerequisites:\u003cul\u003e\u003cli\u003edruid-basic-security extension enabled\u003c/li\u003e\u003cli\u003eLDAP authenticator configured\u003c/li\u003e\u003cli\u003eUnderlying LDAP server permits anonymous bind\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eVulnerability Description\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\u003cbr\u003ebinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\u003cbr\u003e\u003cbr\u003eThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \u003cbr\u003e\u003cbr\u003e\u003cb\u003eImpact\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eA remote, unauthenticated attacker can:\u003cbr\u003e\u003cul\u003e\u003cli\u003eGain unauthorized access to the Apache Druid cluster\u003c/li\u003e\u003cli\u003eAccess sensitive data stored in Druid datasources\u003c/li\u003e\u003cli\u003eExecute queries and potentially manipulate data\u003c/li\u003e\u003cli\u003eAccess administrative interfaces if the bypassed account has elevated privileges\u003c/li\u003e\u003cli\u003eCompletely compromise the confidentiality, integrity, and availability of the Druid deployment\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cb\u003eMitigation\u003c/b\u003e\u003cbr\u003e\u0026nbsp;\u003cbr\u003eImmediate Mitigation (No Druid Upgrade Required):  \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u003cul\u003e\u003cli\u003eDisable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eResolution\u003cbr\u003e\u003c/b\u003e\u003cul\u003e\u003cli\u003eUpgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-02-10T09:28:09.007Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-23906\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-12T04:45:28.979Z\", \"dateReserved\": \"2026-01-19T08:57:10.063Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-02-10T09:28:09.007Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CNVD-2026-12894

Vulnerability from cnvd - Published: 2026-03-04

Title

Apache Druid认证绕过漏洞

Description

Apache Druid是美国阿帕奇（Apache）基金会的一款使用Java语言编写的、面向列的开源分布式数据库。 Apache Druid存在安全漏洞，该漏洞源于LDAP身份验证响应验证不当，可能导致身份验证绕过。攻击者可利用该漏洞仅通过提供存在的用户名和空密码即可绕过身份验证，未经授权访问Druid集群、查询敏感数据、执行数据操作，若目标账户具有管理员权限还可完全控制Druid部署，对系统的机密性、完整性和可用性构成严重威胁。

Severity

高

Patch Name

Apache Druid认证绕过漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新: https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-23906

Impacted products

Name
Apache Druid >=0.17.0，<36.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-23906",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-23906"
    }
  },
  "description": "Apache Druid\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4f7f\u7528Java\u8bed\u8a00\u7f16\u5199\u7684\u3001\u9762\u5411\u5217\u7684\u5f00\u6e90\u5206\u5e03\u5f0f\u6570\u636e\u5e93\u3002\n\nApache Druid\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLDAP\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u9a8c\u8bc1\u4e0d\u5f53\uff0c\u53ef\u80fd\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ec5\u901a\u8fc7\u63d0\u4f9b\u5b58\u5728\u7684\u7528\u6237\u540d\u548c\u7a7a\u5bc6\u7801\u5373\u53ef\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u672a\u7ecf\u6388\u6743\u8bbf\u95eeDruid\u96c6\u7fa4\u3001\u67e5\u8be2\u654f\u611f\u6570\u636e\u3001\u6267\u884c\u6570\u636e\u64cd\u4f5c\uff0c\u82e5\u76ee\u6807\u8d26\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u8fd8\u53ef\u5b8c\u5168\u63a7\u5236Druid\u90e8\u7f72\uff0c\u5bf9\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0:\r\nhttps://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-12894",
  "openTime": "2026-03-04",
  "patchDescription": "Apache Druid\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u4f7f\u7528Java\u8bed\u8a00\u7f16\u5199\u7684\u3001\u9762\u5411\u5217\u7684\u5f00\u6e90\u5206\u5e03\u5f0f\u6570\u636e\u5e93\u3002\r\n\r\nApache Druid\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eLDAP\u8eab\u4efd\u9a8c\u8bc1\u54cd\u5e94\u9a8c\u8bc1\u4e0d\u5f53\uff0c\u53ef\u80fd\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ec5\u901a\u8fc7\u63d0\u4f9b\u5b58\u5728\u7684\u7528\u6237\u540d\u548c\u7a7a\u5bc6\u7801\u5373\u53ef\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u672a\u7ecf\u6388\u6743\u8bbf\u95eeDruid\u96c6\u7fa4\u3001\u67e5\u8be2\u654f\u611f\u6570\u636e\u3001\u6267\u884c\u6570\u636e\u64cd\u4f5c\uff0c\u82e5\u76ee\u6807\u8d26\u6237\u5177\u6709\u7ba1\u7406\u5458\u6743\u9650\u8fd8\u53ef\u5b8c\u5168\u63a7\u5236Druid\u90e8\u7f72\uff0c\u5bf9\u7cfb\u7edf\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u6784\u6210\u4e25\u91cd\u5a01\u80c1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Druid\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Druid \u003e=0.17.0\uff0c\u003c36.0.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-23906",
  "serverity": "\u9ad8",
  "submitTime": "2026-02-13",
  "title": "Apache Druid\u8ba4\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2026-23906

Vulnerability from fkie_nvd - Published: 2026-02-10 10:15 - Updated: 2026-06-17 10:22

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@apache.org	https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/02/09/5

Impacted products

	Vendor	Product	Version
	apache	druid	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "packageName": "org.apache.druid.extensions:druid-basic-security",
          "product": "Apache Druid",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "36.0.0",
              "status": "affected",
              "version": "0.17.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "security@apache.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:druid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EAD572D-067D-4CCC-9C8E-B4439C08B80D",
              "versionEndExcluding": "36.0.0",
              "versionStartIncluding": "0.17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Affected Products and Versions\n  *  Apache Druid\n  *  Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\n  *  Prerequisites:  *  druid-basic-security extension enabled\n  *  LDAP authenticator configured\n  *  Underlying LDAP server permits anonymous bind\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\n\n\n\n\n\nVulnerability Description\n\nAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\nbinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\n\nThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \n\nImpact\n\nA remote, unauthenticated attacker can:\n  *  Gain unauthorized access to the Apache Druid cluster\n  *  Access sensitive data stored in Druid datasources\n  *  Execute queries and potentially manipulate data\n  *  Access administrative interfaces if the bypassed account has elevated privileges\n  *  Completely compromise the confidentiality, integrity, and availability of the Druid deployment\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\n\n\nMitigation\n\u00a0\nImmediate Mitigation (No Druid Upgrade Required):  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \n  *  Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\n\n\n\nResolution\n  *  Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts."
    },
    {
      "lang": "es",
      "value": "Productos y Versiones Afectados\n  *  Apache Druid\n  *  Versiones Afectadas: 0.17.0 hasta 35.x (todas las versiones anteriores a 36.0.0)\n  *  Prerrequisitos:\n  *  extensi\u00f3n druid-basic-security habilitada\n  *  autenticador LDAP configurado\n  *  El servidor LDAP subyacente permite el enlace an\u00f3nimo\n\nDescripci\u00f3n de la vulnerabilidad\n\nExiste una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Apache Druid al usar la extensi\u00f3n druid-basic-security con autenticaci\u00f3n LDAP. Si el servidor LDAP subyacente est\u00e1 configurado para permitir enlaces an\u00f3nimos, un atacante puede omitir la autenticaci\u00f3n proporcionando un nombre de usuario existente con una contrase\u00f1a vac\u00eda. Esto permite el acceso no autorizado a recursos de Druid que de otro modo estar\u00edan restringidos sin credenciales v\u00e1lidas.\n\nLa vulnerabilidad se deriva de una validaci\u00f3n incorrecta de las respuestas de autenticaci\u00f3n LDAP cuando se permiten los enlaces an\u00f3nimos, tratando efectivamente el \u00e9xito del enlace an\u00f3nimo como una autenticaci\u00f3n de usuario v\u00e1lida.\n\nImpacto\n\nUn atacante remoto no autenticado puede:\n  *  Obtener acceso no autorizado al cl\u00faster de Apache Druid\n  *  Acceder a datos sensibles almacenados en las fuentes de datos de Druid\n  *  Ejecutar consultas y potencialmente manipular datos\n  *  Acceder a interfaces administrativas si la cuenta omitida tiene privilegios elevados\n  *  Comprometer completamente la confidencialidad, integridad y disponibilidad de la implementaci\u00f3n de Druid\n\nMitigaci\u00f3n\n\nMitigaci\u00f3n Inmediata (No se requiere actualizaci\u00f3n de Druid):\n  *  Deshabilite el enlace an\u00f3nimo en su servidor LDAP. Esto evita que la vulnerabilidad sea explotable y es la acci\u00f3n inmediata recomendada.\n\nResoluci\u00f3n\n  *  Actualice Apache Druid a la versi\u00f3n 36.0.0 o posterior, que incluye correcciones para rechazar correctamente los intentos de enlace an\u00f3nimo de LDAP."
    }
  ],
  "id": "CVE-2026-23906",
  "lastModified": "2026-06-17T10:22:17.367",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-23906",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-10T15:40:50.988837Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-10T10:15:59.427",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/09/5"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GHSA-Q672-HFC7-G833

Vulnerability from github – Published: 2026-02-10 12:30 – Updated: 2026-02-12 14:20

Summary

Apache Druid Vulnerable to Authentication Bypass

Details

Vulnerability Description

An authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous binds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.

The vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication.

Impact

A remote, unauthenticated attacker can: * Gain unauthorized access to the Apache Druid cluster * Access sensitive data stored in Druid datasources * Execute queries and potentially manipulate data * Access administrative interfaces if the bypassed account has elevated privileges * Completely compromise the confidentiality, integrity, and availability of the Druid deployment

Mitigation Immediate Mitigation (No Druid Upgrade Required): * Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.

Resolution * Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.

Severity

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.druid.extensions:druid-basic-security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.17.0"
            },
            {
              "fixed": "36.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-23906"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T14:33:40Z",
    "nvd_published_at": "2026-02-10T10:15:59Z",
    "severity": "CRITICAL"
  },
  "details": "Affected Products and Versions\n  *  Apache Druid\n  *  Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0)\n  *  Prerequisites:  *  druid-basic-security extension enabled\n  *  LDAP authenticator configured\n  *  Underlying LDAP server permits anonymous bind\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n\n\n\n\n\n\nVulnerability Description\n\nAn authentication bypass vulnerability exists in Apache Druid when using the druid-basic-security extension with LDAP authentication. If the underlying LDAP server is configured to allow anonymous\nbinds, an attacker can bypass authentication by providing an existing username with an empty password. This allows unauthorized access to otherwise restricted Druid resources without valid credentials.\n\nThe vulnerability stems from improper validation of LDAP authentication responses when anonymous binds are permitted, effectively treating anonymous bind success as valid user authentication. \n\nImpact\n\nA remote, unauthenticated attacker can:\n  *  Gain unauthorized access to the Apache Druid cluster\n  *  Access sensitive data stored in Druid datasources\n  *  Execute queries and potentially manipulate data\n  *  Access administrative interfaces if the bypassed account has elevated privileges\n  *  Completely compromise the confidentiality, integrity, and availability of the Druid deployment\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\n\n\nMitigation\n\u00a0\nImmediate Mitigation (No Druid Upgrade Required):  \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \n  *  Disable anonymous bind on your LDAP server. This prevents the vulnerability from being exploitable and is the recommended immediate action.\n\n\n\nResolution\n  *  Upgrade Apache Druid to version 36.0.0 or later, which includes fixes to properly reject anonymous LDAP bind attempts.",
  "id": "GHSA-q672-hfc7-g833",
  "modified": "2026-02-12T14:20:10Z",
  "published": "2026-02-10T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23906"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/druid"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/09/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Druid Vulnerable to Authentication Bypass"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-23906 (GCVE-0-2026-23906)

CNVD-2026-12894

FKIE_CVE-2026-23906

GHSA-Q672-HFC7-G833

Tags

Sightings

Nomenclature