{"id":"JLSEC-2026-174","details":"In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.","modified":"2026-04-21T00:17:45.063523Z","published":"2026-04-21T00:04:14.628Z","upstream":["CVE-2022-29155"],"database_specific":{"sources":[{"modified":"2024-11-21T06:58:36.057Z","published":"2022-05-04T20:15:07.690Z","imported":"2026-04-20T22:59:56.382Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-29155","database_specific":{"status":"Modified"},"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-29155","id":"CVE-2022-29155"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://bugs.openldap.org/show_bug.cgi?id=9815"},{"type":"WEB","url":"https://bugs.openldap.org/show_bug.cgi?id=9815"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220609-0007/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220609-0007/"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5140"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5140"}],"affected":[{"package":{"name":"OpenLDAPClient_jll","ecosystem":"Julia","purl":"pkg:julia/OpenLDAPClient_jll?uuid=234f2d50-f964-585e-b1c8-17cd4567e563"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.5.14+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-174.json"}}],"schema_version":"1.7.5"}