{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T11:15:21.665","vulnerabilities":[{"cve":{"id":"CVE-2026-1966","sourceIdentifier":"security@yugabyte.com","published":"2026-02-05T12:16:01.467","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services."},{"lang":"es","value":"YugabyteDB Anywhere muestra las contraseñas de enlace LDAP configuradas a través de gflags en texto claro dentro de la interfaz de usuario web. Un usuario autenticado con acceso a la vista de configuración podría obtener las credenciales LDAP, lo que podría permitir el acceso no autorizado a servicios de directorio externos."}],"metrics":{"cvssMetricV40":[{"source":"security@yugabyte.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:H/AT:P/PR:H/UI:A/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"HIGH","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security@yugabyte.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://docs.yugabyte.com/stable/secure/vulnerability-disclosure-policy/","source":"security@yugabyte.com"}]}}]}