CVE-2026-0636
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JA
CVSS
6.5
Medium
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Published: Apr 15, 2026 · Last modified: Jul 16, 2026 · CWE-90
0.5%EPSS · 30 days0.5%
2026-06-302026-07-17
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.
- github.comhttps://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde
- github.comhttps://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11720
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:11721
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:13631
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:14272
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:14276
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:17668
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18054
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18055
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:18059
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:21772
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-0636
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2458641
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0636.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-449309.8 CRI49.8%
——15An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.3dCVE-2026-255609.8 CRI47.2%
——14WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.3dCVE-2026-473038.8 HIG43.9%
——13Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.3dCVE-2026-136968.8 HIG27.8%
——8Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.
This issue affects Liman MYS: before release.Master.1107.10dCVE-2026-42568.2 HIG11.6%
——3Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.
This issue affects PassGate: through 30042026.8d