UBUNTU-CVE-2026-22444
- Source
- https://ubuntu.com/security/CVE-2026-22444
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-22444.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-22444
- Upstream
- Published
- 2026-01-21T14:16:00Z
- Modified
- 2026-01-30T21:03:24.042971Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The "create core" API of Apache Solr 8.6 through 9.10.0 lacks sufficient input validation on some API parameters, which can cause Solr to check the existence of and attempt to read file-system paths that should be disallowed by Solr's "allowPaths" security setting https://https://solr.apache.org/guide/solr/latest/configuration-guide/configuring-solr-xml.html#the-solr-element . These read-only accesses can allow users to create cores using unexpected configsets if any are accessible via the filesystem. On Windows systems configured to allow UNC paths this can additionally cause disclosure of NTLM "user" hashes. Solr deployments are subject to this vulnerability if they meet the following criteria: * Solr is running in its "standalone" mode. * Solr's "allowPath" setting is being used to restrict file access to certain directories. * Solr's "create core" API is exposed and accessible to untrusted users. This can happen if Solr's RuleBasedAuthorizationPlugin https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html is disabled, or if it is enabled but the "core-admin-edit" predefined permission (or an equivalent custom permission) is given to low-trust (i.e. non-admin) user roles. Users can mitigate this by enabling Solr's RuleBasedAuthorizationPlugin (if disabled) and configuring a permission-list that prevents untrusted users from creating new Solr cores. Users should also upgrade to Apache Solr 9.10.1 or greater, which contain fixes for this issue.
- References
Affected packages
Ubuntu:20.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-22?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "liblucene3-contrib-java"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "liblucene3-java"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "libsolr-java"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "solr-common"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "solr-jetty"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "solr-tomcat"
}
]
}Ubuntu:22.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-24?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-26?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-26?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-2ubuntu0.1~esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "liblucene3-contrib-java"
},
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "liblucene3-java"
},
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "libsolr-java"
},
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "solr-common"
},
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "solr-jetty"
},
{
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4",
"binary_name": "solr-tomcat"
}
]
}Ubuntu:Pro:16.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-8ubuntu0.1+esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "liblucene3-contrib-java"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "liblucene3-java"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "libsolr-java"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "solr-common"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "solr-jetty"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "solr-tomcat"
}
]
}Ubuntu:Pro:18.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr@3.6.2+dfsg-18~18.04.1~esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "liblucene3-contrib-java"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "liblucene3-java"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "libsolr-java"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "solr-common"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "solr-jetty"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "solr-tomcat"
}
]
}