CVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorpor
CVSS
9.8
Crítico
EPSS
0.7%
p47
KEV
—
Exploit Today
14
0-100
Publicado: 7 feb 2026 · Última mod.: 14 jul 2026 · CWE-90
0.7%EPSS · 30 días0.7%
2026-06-302026-07-17
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-449309.8 CRÍ49.8%
——15An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.3dCVE-2026-473038.8 ALT43.9%
——13Authentication bypass by assumed-immutable data in ASP.NET Core allows an authorized attacker to elevate privileges over a network.3dCVE-2026-06366.5 MED41.1%
——12Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).
This vulnerability is associated with program files LDAPStoreHelper.
This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.1dCVE-2026-136968.8 ALT27.8%
——8Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.
This issue affects Liman MYS: before release.Master.1107.10dCVE-2026-42568.2 ALT11.6%
——3Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.
This issue affects PassGate: through 30042026.8d