Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-46745 | 1 Apache | 1 Apache-airflow-providers-fab | 2026-05-27 | N/A | 5.3 MEDIUM |
| Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated. | |||||
| CVE-2026-44930 | 1 Apache | 1 Cxf | 2026-05-22 | N/A | 9.8 CRITICAL |
| An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue. | |||||
| CVE-2026-44063 | 2026-05-21 | N/A | 4.2 MEDIUM | ||
| An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input. | |||||
| CVE-2026-41919 | 1 Apache | 1 Ofbiz | 2026-05-19 | N/A | 9.1 CRITICAL |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. | |||||
| CVE-2026-0636 | 2026-05-19 | N/A | N/A | ||
| Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84. | |||||
| CVE-2026-44671 | 1 Zitadel | 1 Zitadel | 2026-05-15 | N/A | 7.5 HIGH |
| ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process. While this vulnerability does not allow for a full authentication bypass, an attacker can use LDAP metacharacters (such as *, (, )) to perform blind LDAP injection. By observing the different failure (or success) responses, an attacker can systematically enumerate valid usernames and extract sensitive attribute data from the connected LDAP directory. This vulnerability is fixed in 3.4.10 and 4.15.0. | |||||
| CVE-2026-44304 | 2026-05-14 | N/A | 8.1 HIGH | ||
| Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership queries and escalate their privileges to administrator. This vulnerability is fixed in 1.9.0. | |||||
| CVE-2017-8790 | 1 Accellion | 1 File Transfer Appliance | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection. | |||||
| CVE-2017-14596 | 1 Joomla | 1 Joomla\! | 2026-05-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | |||||
| CVE-2015-7294 | 1 Ldapauth-fork Project | 1 Ldapauth-fork | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. | |||||
| CVE-2016-9870 | 1 Emc | 1 Isilon Onefs | 2026-05-13 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | |||||
| CVE-2017-4927 | 1 Vmware | 1 Vcenter Server | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | |||||
| CVE-2016-9299 | 2 Fedoraproject, Jenkins | 2 Fedora, Jenkins | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | |||||
| CVE-2026-27860 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-04-29 | N/A | 3.7 LOW |
| If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known. | |||||
| CVE-2026-33609 | 1 Powerdns | 1 Authoritative | 2026-04-24 | N/A | 5.3 MEDIUM |
| Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees. | |||||
| CVE-2026-40606 | 1 Mitmproxy | 1 Mitmproxy | 2026-04-24 | N/A | 4.8 MEDIUM |
| mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP server. This allows a malicious client to bypass authentication. Only mitmproxy instances using the proxyauth option with LDAP are affected. This option is not enabled by default. The vulnerability has been fixed in mitmproxy 12.2.2 and above. | |||||
| CVE-2026-39962 | 1 Misp | 1 Misp | 2026-04-23 | N/A | 9.6 CRITICAL |
| MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36. | |||||
| CVE-2026-40193 | 1 Maddy Project | 1 Maddy | 2026-04-22 | N/A | 8.2 HIGH |
| maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping, despite the go-ldap/ldap/v3 library's ldap.EscapeFilter() function being available in the same import. This affects three code paths: the Lookup() filter, the AuthPlain() DN template, and the AuthPlain() filter. An attacker with network access to the SMTP submission or IMAP interface can inject arbitrary LDAP filter expressions through the username field in AUTH PLAIN or LOGIN commands. This enables identity spoofing by manipulating filter results to authenticate as another user, LDAP directory enumeration via wildcard filters, and blind extraction of LDAP attribute values using authentication responses as a boolean oracle or via timing side-channels between the two distinct failure paths. This issue has been fixed in version 0.9.3. | |||||
| CVE-2026-40459 | 1 Pac4j | 1 Pac4j | 2026-04-20 | N/A | 8.8 HIGH |
| PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 and 6.4.1 | |||||
| CVE-2026-29131 | 1 Seppmail | 1 Secure Email Gateway | 2026-04-16 | N/A | 7.5 HIGH |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | |||||