{"api_version":"1","generated_at":"2026-06-24T20:35:05+00:00","cve":"CVE-2026-12804","urls":{"html":"https://cve.report/CVE-2026-12804","api":"https://cve.report/api/cve/CVE-2026-12804.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-12804","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-12804"},"summary":{"title":"lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect","description":"A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that \"it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low.\"","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-06-21 19:16:23","updated_at":"2026-06-22 18:24:24"},"problem_types":["CWE-601","CWE-601 Open Redirect"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"2.1","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","data":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","data":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","data":{"baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/372598/cti","name":"https://vuldb.com/vuln/372598/cti","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/836105","name":"https://vuldb.com/submit/836105","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979","name":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/3619","name":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/3619","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/cve/CVE-2026-12804","name":"https://vuldb.com/cve/CVE-2026-12804","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/372598","name":"https://vuldb.com/vuln/372598","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-12804","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12804","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.0","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.1","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.2","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.3","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.4","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.5","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.6","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.7","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.8","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.9","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.10","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.11","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.12","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.13","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.14","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.15","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.16","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.17","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.18","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.19","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.20","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.21","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.22","platforms":[]},{"source":"CNA","vendor":"n/a","product":"lemonldap-ng","version":"affected 2.23.0","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-06-21T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-06-21T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-06-22T17:56:58.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"geochen (VulDB User)","lang":"en"},{"source":"CNA","value":"VulDB CNA Team","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"12804","cve":"CVE-2026-12804","epss":"0.002640000","percentile":"0.175530000","score_date":"2026-06-23","updated_at":"2026-06-24 00:09:25"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-12804","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-22T10:27:57.331935Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-22T10:28:14.299Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:lemonldap-ng:lemonldap-ng:*:*:*:*:*:*:*:*"],"modules":["SAML Common Domain Cookie Endpoint"],"product":"lemonldap-ng","vendor":"n/a","versions":[{"status":"affected","version":"2.0"},{"status":"affected","version":"2.1"},{"status":"affected","version":"2.2"},{"status":"affected","version":"2.3"},{"status":"affected","version":"2.4"},{"status":"affected","version":"2.5"},{"status":"affected","version":"2.6"},{"status":"affected","version":"2.7"},{"status":"affected","version":"2.8"},{"status":"affected","version":"2.9"},{"status":"affected","version":"2.10"},{"status":"affected","version":"2.11"},{"status":"affected","version":"2.12"},{"status":"affected","version":"2.13"},{"status":"affected","version":"2.14"},{"status":"affected","version":"2.15"},{"status":"affected","version":"2.16"},{"status":"affected","version":"2.17"},{"status":"affected","version":"2.18"},{"status":"affected","version":"2.19"},{"status":"affected","version":"2.20"},{"status":"affected","version":"2.21"},{"status":"affected","version":"2.22"},{"status":"affected","version":"2.23.0"}]}],"credits":[{"lang":"en","type":"reporter","value":"geochen (VulDB User)"},{"lang":"en","type":"coordinator","value":"VulDB CNA Team"}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that \"it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low.\""}],"metrics":[{"cvssV4_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-601","description":"Open Redirect","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-22T15:52:04.231Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-372598 | lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/372598"},{"name":"VDB-372598 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/372598/cti"},{"name":"CVE-2026-12804 | CVE Analysis and Report","tags":["third-party-advisory"],"url":"https://vuldb.com/cve/CVE-2026-12804"},{"name":"Submit #836105 | lemonldap lemonldap-ng ca7af863ac5f60d127ba01e8661c0365be374d4b Open Redirect","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/836105"},{"tags":["related"],"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/3619"},{"tags":["patch"],"url":"https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979"}],"timeline":[{"lang":"en","time":"2026-06-21T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-06-21T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-06-22T17:56:58.000Z","value":"VulDB entry last update"}],"title":"lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-12804","datePublished":"2026-06-21T18:30:07.377Z","dateReserved":"2026-06-21T04:09:21.573Z","dateUpdated":"2026-06-22T15:52:04.231Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-21 19:16:23","lastModifiedDate":"2026-06-22 18:24:24","problem_types":["CWE-601","CWE-601 Open Redirect"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T10:27:57.331935Z","id":"CVE-2026-12804","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"12804","Ordinal":"1","Title":"lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect","CVE":"CVE-2026-12804","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"12804","Ordinal":"1","NoteData":"A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that \"it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low.\"","Type":"Description","Title":"lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect"}]}}}