CVE-2026-1966

YugabyteDB Anywhere - Info Disclosure

Title source: llm

Description

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.

References (1)

[Various Sources] https://docs.yugabyte.com/stable/secure/vulnerability-disclosure-policy/

Scores

EPSS 0.0003

EPSS Percentile 7.0%

Classification

CWE

CWE-522

Status draft

Timeline

Published Feb 05, 2026

Tracked Since Feb 18, 2026