Bug 2491214 (CVE-2026-12804)

Summary: CVE-2026-12804 lemonldap-ng: Lemonldap-NG: Open Redirect via URL manipulation in SAML Common Domain Cookie Endpoint
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW ---
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: xavier
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in lemonldap-ng. A remote attacker could exploit this vulnerability by manipulating the 'url' argument within the SAML Common Domain Cookie Endpoint. This manipulation results in an open redirect, potentially leading to users being redirected to arbitrary malicious websites.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2491282, 2491283
Bug Blocks:

Description OSIDB Bzimport 2026-06-21 20:01:14 UTC
A vulnerability was detected in lemonldap-ng up to 2.23.0. An unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint is impacted. Manipulation of the argument url results in an open redirect. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Comment 2 Xavier Bachelot 2026-06-22 07:40:52 UTC
Upstream fix: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979

This functionality is barely used; the impact is very low.