What is CVE-2026-27895?

CVE-2026-27895 is a medium-severity vulnerability in Ldapaccountmanager Lam, classified under Incorrect Regular Expression. CVSS score: 4.3/10. Published 2026-03-17.

How severe is CVE-2026-27895?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Ldapaccountmanager Lam

CVE-2026-27895

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way…

EPSS: 0.001 (27.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Ldapaccountmanager Lam — versions < 9.5

Weakness classification (CWE)

CWE-185 — Incorrect Regular Expression

References

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8 (x_refsource_CONFIRM)
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf (x_refsource_MISC)
https://github.com/LDAPAccountManager/lam/releases/tag/9.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-27895?: CVE-2026-27895 is a medium-severity vulnerability in Ldapaccountmanager Lam, classified under Incorrect Regular Expression. CVSS score: 4.3/10. Published 2026-03-17.
How severe is CVE-2026-27895?: Medium severity. CVSS v3 base score is 4.3 out of 10.