CVE-2026-44930

CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

Vendor Apache Software Foundation

Product Apache CXF

Weakness CWE-90 · LDAP injection

Published May 22, 2026

Last update May 22, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Key dates

Disclosure timeline

May 22, 2026 CVE published

May 22, 2026 Record updated

Identifiers

CVE CVE-2026-44930

CWE CWE-90

Affected versions

Vendor Apache Software Foundation

Product Apache CXF

Affected ≥ 4.2.0 and < 4.2.1

Vendor Apache Software Foundation

Product Apache CXF

Affected ≥ 4.0.0 and < 4.1.6

Vendor Apache Software Foundation

Product Apache CXF

Affected < 3.6.11