Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-59269— Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries

CVSS 3.8 · Low EPSS 0.17% · P7

Possible ATT&CK Techniques 1AI

T1199 · Trusted Relationship

Affected Version Matrix 1

VendorProductVersion RangeStatus
VMwarePinniped0.11.0≤ 0.46.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-59269

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Privilege Escalation via Active Directory LDAP injection in Pinniped Supervisor can be executed by an attacker who can edit LDAP Group DN entries
Source: NVD (National Vulnerability Database)
Vulnerability Description
A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain elevated permissions in the clusters, only if all the following conditions were true: the Pinniped Supervisor server is running with an ActiveDirectoryIdentityProvider resource configured; the ActiveDirectoryIdentityProvider.spec.groupSearch.attributes.groupName is empty; the attacker gains the ability to edit some part of the distinguished name (DN) of group entries in the Active Directory (AD) server's database for groups to which they belong; the configured group search parameters cause the edited group to be included in the group search results for the user; and the attacker knows the password for an AD user who belongs to the edited AD group. Affected versions: Pinniped (go.pinniped.dev) v0.11.0 through v0.46.0 inclusive; fixed in v0.47.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware Pinniped 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMware pinniped是美国VMware公司开源的一个身份认证代理工具。 VMware Pinniped 0.11.0版本至0.46.0版本存在输入验证错误漏洞,该漏洞源于输入验证错误,可能导致攻击者在满足一系列特定条件时通过Pinniped Supervisor进行认证时获得集群中的提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
VMwarePinniped 0.11.0 ~ 0.46.0 -

II. Public POCs for CVE-2026-59269

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-59269

登录查看更多情报信息。

Vendor Advisories for CVE-2026-59269 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-59269

No comments yet


Leave a comment