Netflix Lemur
4 CVEs affecting Netflix Lemur. Latest disclosed: 2026-05-12. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44304 | High | 8.1 | 2026-05-12 | Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitize… |
CVE-2023-30797 | High | 7.5 | 2023-04-19 | Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacke… |
CVE-2015-7764 | High | 7.5 | 2017-08-09 | Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. |
CVE-2026-44305 | Medium | 6.8 | 2026-05-12 | Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disa… |