Critical severity9.1NVD Advisory· Published Nov 10, 2024· Updated Apr 15, 2026

CVE-2021-35473

Description

An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4.

Patches

8d3b763b6af2

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ngvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000