CVE-2026-44930
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitr
CVSS
9.8
Critical
EPSS
0.7%
p50
KEV
—
Exploit Today
15
0-100
Published: May 22, 2026 · Last modified: Jul 15, 2026 · CWE-90
0.7%EPSS · 30 days0.7%
2026-06-302026-07-17
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
- lists.apache.orghttps://lists.apache.org/thread/c1zqxppo1m5z3kbdhjn5p991zk09ynkh
- www.openwall.comhttp://www.openwall.com/lists/oss-security/2026/05/22/9
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:37390
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-44930
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2480728
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44930.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-255609.8 CRI47.2%
——14WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.3dCVE-2026-473038.8 HIG43.9%
——13Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.3dCVE-2026-06366.5 MED41.1%
——12Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).
This vulnerability is associated with program files LDAPStoreHelper.
This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.1dCVE-2026-136968.8 HIG27.8%
——8Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.
This issue affects Liman MYS: before release.Master.1107.10dCVE-2026-42568.2 HIG11.6%
——3Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.
This issue affects PassGate: through 30042026.8d