CVE Vulnerability Details: CVE-2026-1966
PUBLISHED
Assigner: Yugabyte
Assigner Org ID: d4ae51d3-4db5-465e-bc8a-eb6768324078
Published At: 05 Feb, 2026 | 11:38
Updated At: 05 Feb, 2026 | 14:18
Rejected At:
CVE Numbering Authority (CNA)
YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.

Affected Products
Vendor: YugabyteDB Inc
Product: YugabyteDB Anywhere
Package Name: yugaware
Repo: https://github.com/yugabyte/yugabyte-db/
Platforms
  • Linux
Default Status: unaffected
Versions
Affected
  • From 2025.1.0.0 before 2025.1.1.0 (custom)
  • From 2024.2.0.0 before 2024.2.6.0 (custom)
Unaffected
  • 2025.2.0.0 (custom)
Problem Types
Type: CWE
CWE ID: CWE-522
Description: CWE-522 Insufficiently Protected Credentials
Metrics
Version: 4.0
Base score: 2.4
Base severity: LOW
Vector: CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H
Impacts
CAPEC ID: CAPEC-118
Description: CAPEC-118 Data Leakage Attacks
References
Hyperlink: https://docs.yugabyte.com/stable/secure/vulnerability-disclosure-policy/
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Details not found