CVE-2026-41919

CVE-2026-41919: Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-90 · LDAP injection

Published May 19, 2026

Last update May 19, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Key dates

Disclosure timeline

May 19, 2026 CVE published

May 19, 2026 Record updated