CNNVD-202602-1642 Information

CNNVD ID

CNNVD-202602-1642

Related CVE

CVE-2026-23906

• CNNVD Published: 2026-02-10

Description (Chinese)

Apache Druid是美国阿帕奇（Apache）基金会的一款使用Java语言编写的、面向列的开源分布式数据库。 Apache Druid 36.0.0之前版本存在安全漏洞，该漏洞源于LDAP身份验证响应验证不当，可能导致身份验证绕过。

Description (English)

Apache Druid is an open-source, column-oriented database of the Apache Foundation in Java. There was a security loophole in the previous version of Apache Druid 36.0.0, which stemmed from the inappropriate verification of the LDAP identification response, which could lead to the identification being bypassed.

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-02-10

Last Modified

2026-02-24

References

https://lists.apache.org/thread/2x9rv3kv6t1p577lvq4z0rl0zlt9g4sr https://access.redhat.com/security/cve/cve-2026-23906

Patch

https://druid.apache.org/downloads.html/