Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-44304. PoCs published by dwisiswant0.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-44304, an LDAP filter injection vulnerability in Netflix Lemur versions prior to 1.9.0. The exploit demonstrates privilege escalation by injecting LDAP metacharacters into the username field during authentication, bypassing group-membership checks to gain admin roles.
Description
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership queries and escalate their privileges to administrator. This vulnerability is fixed in 1.9.0.
Exploits (1)
This repository contains a functional exploit for CVE-2026-44304, an LDAP filter injection vulnerability in Netflix Lemur versions prior to 1.9.0. The exploit demonstrates privilege escalation by injecting LDAP metacharacters into the username field during authentication, bypassing group-membership checks to gain admin roles.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N