{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27894", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-24T15:19:29.717Z", "datePublished": "2026-03-17T23:48:06.530Z", "dateUpdated": "2026-03-18T19:54:13.831Z"}, "containers": {"cna": {"title": "LAM has Authenticated Local File Inclusion (LFI) in PDF export", "problemTypes": [{"descriptions": [{"cweId": "CWE-98", "lang": "en", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf"}, {"name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8", "tags": ["x_refsource_MISC"], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8"}, {"name": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5"}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"version": "< 9.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-17T23:51:09.865Z"}, "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows to execute arbitrary code. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible)."}], "source": {"advisory": "GHSA-w7xq-vjr3-p9cf", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T19:54:01.110248Z", "id": "CVE-2026-27894", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:54:13.831Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27894", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-18T19:54:01.110248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T19:54:05.503Z"}}], "cna": {"title": "LAM has Authenticated Local File Inclusion (LFI) in PDF export", "source": {"advisory": "GHSA-w7xq-vjr3-p9cf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LDAPAccountManager", "product": "lam", "versions": [{"status": "affected", "version": "< 9.5"}]}], "references": [{"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8", "name": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5", "name": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows to execute arbitrary code. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-17T23:51:09.865Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27894", "state": "PUBLISHED", "dateUpdated": "2026-03-18T19:54:13.831Z", "dateReserved": "2026-02-24T15:19:29.717Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-17T23:48:06.530Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows to execute arbitrary code. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible)."}, {"lang": "es", "value": "LDAP Account Manager (LAM) es una interfaz web para gestionar entradas (p. ej., usuarios, grupos, configuraciones DHCP) almacenadas en un directorio LDAP. Antes de la versi\u00f3n 9.5, se detect\u00f3 una inclusi\u00f3n local de ficheros en la exportaci\u00f3n de PDF que permite a los usuarios incluir ficheros PHP locales y de esta manera ejecutar c\u00f3digo. En combinaci\u00f3n con GHSA-88hf-2cjm-m9g8, esto permite ejecutar c\u00f3digo arbitrario. Los usuarios deben iniciar sesi\u00f3n en LAM para explotar esta vulnerabilidad. La versi\u00f3n 9.5 soluciona el problema. Aunque se recomienda la actualizaci\u00f3n, una soluci\u00f3n alternativa ser\u00eda hacer que /var/lib/ldap-account-manager/config sea de solo lectura para el usuario del servidor web y eliminar los ficheros de perfil de PDF (haciendo imposibles las exportaciones de PDF)."}], "id": "CVE-2026-27894", "lastModified": "2026-03-18T14:52:44.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-18T00:16:19.607", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5"}, {"source": "security-advisories@github.com", "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8"}, {"source": "security-advisories@github.com", "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,9.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "lam", "source": "cna", "vendor": "LDAPAccountManager"}, "product": "lam", "vendor": "ldapaccountmanager"}], "created": "2026-03-18T10:42:28.791640+00:00", "updated": "2026-03-18T10:42:28.791717+00:00", "vendors": ["ldapaccountmanager", "ldapaccountmanager$PRODUCT$lam"]}