CVE-2026-11748

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been identified in centraldogma-server-auth-shiro versions prior to 0.84.0, where the SearchFirstActiveDirectoryRealm substitutes the login username into an LDAP search filter without neutralizing LDAP filter metacharacters, allowing an unauthenticated attacker to manipulate the filter to cause authentication confusion and enumerate the directory structure.

Vendor	ly corporation
Product	central dogma
Published	Jun 22, 2026

Stay Ahead of the Next One

Get instant alerts for ly corporation central dogma

Be the first to know when new unknown vulnerabilities affecting ly corporation central dogma are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

LY Corporation / Central Dogma

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/line/centraldogma/security/advisories/GHSA-98q5-5qh2-7w75