Threats Tagged 'cve-2026-27895'
View all threats tagged with 'cve-2026-27895'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-27895'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-27895: CWE-185: Incorrect Regular Expression in LDAPAccountManager lamCVE-2026-27895 0 CVE-2026-27895 is a medium severity vulnerability in LDAP Account Manager (LAM) versions prior to 9.5, where the PDF export component improperly validates uploaded file extensions. This flaw allows attackers with limited privileges to upload arbitrary file types, including executable PHP files, potentially leading to remote code execution as the web server user. The vulnerability arises from an incorrect regular expression validation (CWE-185) that fails to restrict file uploads properly. Although no known exploits are currently in the wild, successful exploitation could compromise the integrity of affected systems. The issue is fixed in LAM version 9.5, and a recommended workaround is to make the configuration directory read-only for the web server user. Organizations using LAM for LDAP management should prioritize upgrading or applying mitigations to prevent exploitation. Join the discussion | CVE Database V5 | 03/17/2026, 23:51:26 UTC Added: 03/18/2026, 00:13:21 UTC |
Showing 1 to 1 of 1 result