Medium severityNVD Advisory· Published Jan 7, 2026· Updated Apr 15, 2026

CVE-2026-22185

Description

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.

Affected products

LMDB/Lmdbinferred
Range: <=0.9.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.openldap.org/show_bug.cginvd
seclists.org/fulldisclosure/2026/Jan/5nvd
seclists.org/fulldisclosure/2026/Jan/8nvd
www.openldap.orgnvd
www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readlinenvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000