CVE-2020-26542 SimpleLDAP authentication Percona Server, Percona Server MongoDB


When using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory,

Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.


Percona Server MySQL

Percona Server Mysql 8.x. < 8.0.21

Percona XtraDB Cluster

percona XtraDB Cluster 8.x. <

Percona Server MongoDB

Percona Server MongoDB Only the exact minor versions listed here are affected: 3.6.19-7.0, 4.0.18-11, 4.0.19-12, 4.0.20-13, 4.2.5-5, 4.2.6-6, 4.2.7-7, 4.2.8-8, 4.2.9-9, 4.4.0-1, 4.4.1-2

More information

Release Notes

Percona Distribution for MySQL (PXC Variant) 8.0.20, Fixes For Security Vulnerability: Release Roundup October 13, 2020


by David Busby via Percona Database Performance Blog