Browse all 6 CVE security advisories affecting YugabyteDB Inc. AI-powered Chinese analysis, POCs, and references for each vulnerability.
YugabyteDB develops a distributed SQL database designed for cloud-native applications requiring high availability and scalability. Historically, its vulnerabilities have commonly included remote code execution, cross-site scripting, and privilege escalation risks, often stemming from authentication bypasses and input validation flaws. The company maintains security through regular patches and follows responsible disclosure practices. With six CVEs currently on record, YugabyteDB has faced no major public security incidents, though its distributed architecture presents unique attack surfaces requiring continuous security hardening. The platform's compatibility with PostgreSQL and Cassandra standards influences its security profile, focusing on protecting distributed transactions and data consistency across multi-region deployments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1966 | YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI | YugabyteDB Anywhere | CWE-522 | 8.1 (AI) | High (AI) | 2026-02-05 |
| CVE-2025-8866 | YugabyteDB Security Vulnerability | YugabyteDB Anywhere | CWE-200 | 5.3 (AI) | Medium (AI) | 2025-08-11 |
| CVE-2025-8865 | YugabyteDB Security Vulnerability | YugabyteDB | CWE-476 | 6.5 | - | 2025-08-11 |
| CVE-2025-8864 | YugabyteDB Security Vulnerability | YugabyteDB Anywhere | CWE-532 | 6.5 | - | 2025-08-11 |
| CVE-2025-8863 | YugabyteDB Security Vulnerability | YugabyteDB | CWE-319 | 7.5 | - | 2025-08-11 |
| CVE-2025-8862 | YugabyteDB Security Vulnerability | YugabyteDB | CWE-201 | 5.3 | - | 2025-08-11 |

This page lists every published CVE security advisory associated with YugabyteDB Inc. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.