CVE-2026-27894
- Source
- https://cve.org/CVERecord?id=CVE-2026-27894
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27894.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-27894
- Downstream
- Related
- Published
- 2026-03-17T23:48:06.530Z
- Modified
- 2026-04-10T05:37:27.233184Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- LAM has Authenticated Local File Inclusion (LFI) in PDF export
- Details
-
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows to execute arbitrary code. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible).
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-98" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27894.json" }- References
-
- https://github.com/LDAPAccountManager/lam/releases/tag/9.5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27894.json
- https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8
- https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf
- https://nvd.nist.gov/vuln/detail/CVE-2026-27894
Affected packages
Git / github.com/ldapaccountmanager/lam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ldapaccountmanager/lam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
8.*
8.5
8.6
8.6.RC1
8.7
8.7.RC1
8.8
8.8.RC1
8.9
8.9.RC1
9.*
9.0
9.0.RC1
9.1
9.1.RC1
9.2
9.2.RC1
9.3
9.3.RC1
9.4
9.4.RC1
9.5.RC1
Other
lam_5_4
lam_5_4_RC1
lam_5_5
lam_5_5_RC1
lam_5_6
lam_5_6_RC1
lam_5_7
lam_5_7_RC1
lam_6_0
lam_6_0_RC1
lam_6_0_RC2
lam_6_1
lam_6_1_RC1
lam_6_2
lam_6_2_RC1
lam_6_3
lam_6_3_RC1
lam_6_4
lam_6_4_RC1
lam_6_5
lam_6_5_RC1
lam_6_6
lam_6_6_RC1
lam_6_7
lam_6_7_RC1
lam_6_8
lam_6_8_RC1
lam_6_9
lam_6_9_RC1
lam_7_0
lam_7_0_RC1
lam_7_1
lam_7_1_RC1
lam_7_2
lam_7_2_RC1
lam_7_3
lam_7_4
lam_7_4_RC1
lam_7_5
lam_7_5_RC1
lam_7_6
lam_7_6_RC1
lam_7_7
lam_7_7_RC1
lam_7_8
lam_7_8_RC1
lam_7_9_RC1
lam_8_0
lam_8_0_1
lam_8_0_RC1
lam_8_1
lam_8_1_RC1
lam_8_2
lam_8_2_RC1
lam_8_3
lam_8_3_RC1
lam_8_4
lam_8_4_RC1
lam_8_5_RC1
untagged-0f11e4b04e249cac51c5