Ldap

CVE-2026-9064 describes a denial-of-service vulnerability in 389-ds-base where an unauthenticated attacker can send a crafted LDAP request with excessive controls, causing excessive CPU consumption and heap allocation, leading to latency degradation, worker thread starvation, or out-of-memory termination.

Open WebUI is vulnerable to an LDAP authentication bypass where the LDAP authentication endpoint does not validate that the submitted password is non-empty before performing a Simple Bind against the LDAP server, potentially granting attackers complete account access.

The ldap3_proto package is vulnerable to LDAP Filter stack exhaustion due to unbounded query depth, potentially causing a denial of service in applications processing LDAP queries, affecting versions before 0.7.1.

Lemur versions before 1.9.0 are vulnerable to LDAP filter injection, where an authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership queries and escalate their privileges to administrator.

The rule detects suspicious access to LDAP attributes in Active Directory by identifying read access to a high number of Active Directory object attributes, which can help adversaries find vulnerabilities, elevate privileges, or collect sensitive information.