CVE-2026-44930
published 2026-05-22

CVE-2026-44930: An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates…

Priority: P2 61 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.68% (47.7th percentile)
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Affected

6 ranges

Vendor                       | Product    | Version range        | Fixed in
apache                       | cxf        | < 3.6.11             | 3.6.11
apache                       | cxf        | (range not captured) |
apache                       | cxf        | >= 4.0.0 < 4.1.6     | 4.1.6
apache_software_foundation   | apache_cxf | < 3.6.11             | 3.6.11
apache_software_foundation   | apache_cxf | >= 4.0.0 < 4.1.6     | 4.1.6
apache_software_foundation   | apache_cxf | >= 4.2.0 < 4.2.1     | 4.2.1

Detection & IOCs (extracted from sources)

  • Vulnerable component: the LDAP Certificate repository of the XKMS server in Apache CXF, shipped as the `cxf-services-xkms-x509-repo-ldap` artifact. The injection happens when caller-supplied identifiers are spliced into the LDAP search filter the repository builds, so the injected filter is emitted by the XKMS server toward its LDAP directory, not by the attacker directly. Look for unescaped filter metacharacters (`*`, `(`, `)`, `\`) in the identifier fields of XKMS requests and, on the directory side, for certificate lookups whose search filter has collapsed to a wildcard match.
  • Inventory target: `cxf-services-xkms-x509-repo-ldap`. Flag any deployment of this artifact in Red Hat build of Apache Camel for Spring Boot 4, Red Hat Fuse 7, or Red Hat JBoss Enterprise Application Platform Expansion Pack as affected.
  • Per the NVD and Red Hat vectors (PR:N), no authentication is required to exploit this vulnerability; the CNA vector (PR:L, see CVSS provenance below) disagrees. Until that is resolved, treat unauthenticated XKMS requests carrying filter metacharacters as suspicious.
  • Fixed versions are 4.2.1, 4.1.6 and 3.6.11. Any Apache CXF deployment on an older version with the XKMS LDAP repository enabled is vulnerable; deployments that do not use the XKMS LDAP repository do not expose the vulnerable code path.
  • No mitigation is currently available for Red Hat products; patching is the only remediation path.
  • The fix for Red Hat Fuse 7 is deferred, so deployments on that platform remain exposed even after vendor acknowledgement.
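The two detection bullets above (injection patterns in the identifier fields, and the wildcard collapse of the resulting filter) are easier to act on with a concrete picture of what an LDAP injection into a certificate lookup does. The following is an added example, not Apache CXF's code: a hypothetical certificate lookup that splices the caller's identifier into an LDAP filter, the same lookup hardened with RFC 4515 filter-value escaping, and a small scanner run over constructed request-log lines. The log format (`src=... lookup="..."`), the filter shape and the attribute names are assumptions chosen for illustration.

```python
# Added example (not Apache CXF code). Shows how unescaped caller input turns a
# one-subject certificate search into a retrieve-everything search, how
# RFC 4515 escaping prevents it, and how to flag such input in request logs.
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an untrusted string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_cert_filter(subject: str) -> str:
    """Injection-prone pattern: caller input concatenated straight into the filter.
    Filter shape and attribute names are assumptions, not CXF's real query."""
    return f"(&(objectClass=inetOrgPerson)(cn={subject})(userCertificate=*))"


def hardened_cert_filter(subject: str) -> str:
    """Same lookup with the caller's value escaped, so it can only ever be a literal."""
    return (
        "(&(objectClass=inetOrgPerson)"
        f"(cn={escape_filter_value(subject)})(userCertificate=*))"
    )


# Any of these in a lookup identifier can change the structure of the filter.
_META = re.compile(r"[*()\\\x00]")


def is_suspicious_value(value: str) -> bool:
    """True if the identifier contains LDAP filter metacharacters."""
    return _META.search(value) is not None


# Assumed log line shape: key=value pairs with the lookup identifier quoted.
_LOG_LINE = re.compile(r'src=(?P<src>\S+) .*?lookup="(?P<value>[^"]*)"')


def scan_lookup_log(lines):
    """Return (source, identifier) pairs for lines whose identifier looks injected."""
    hits = []
    for line in lines:
        m = _LOG_LINE.search(line)
        if m and is_suspicious_value(m["value"]):
            hits.append((m["src"], m["value"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    'ts=2026-05-22T10:00:01Z src=198.51.100.7 op=locate lookup="alice@example.test"',
    'ts=2026-05-22T10:00:02Z src=203.0.113.5 op=locate lookup="*)(cn=*"',
    'ts=2026-05-22T10:00:03Z src=203.0.113.5 op=locate lookup="*"',
    'ts=2026-05-22T10:00:04Z src=198.51.100.9 op=validate lookup="bob@example.test"',
]


if __name__ == "__main__":
    injected = "*)(cn=*"
    print("vulnerable:", vulnerable_cert_filter(injected))
    print("hardened:  ", hardened_cert_filter(injected))
    for src, value in scan_lookup_log(SAMPLE_LOG):
        print(f"suspicious lookup from {src}: {value!r}")
```

With the injected identifier `*)(cn=*`, the vulnerable filter becomes `(&(objectClass=inetOrgPerson)(cn=*)(cn=*)(userCertificate=*))`, a syntactically valid filter that matches every entry holding a certificate; this is why detection on the directory side has to look at the shape of the filter rather than at its syntax. The hardened filter keeps the same characters as a literal value (`cn=\2a\29\28cn=\2a`) and matches nothing. The scanner flags only the two lines from 203.0.113.5.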

CVSS provenance

Source         | CVSS version | Score | Severity | Vector
nvd            | v3.1         | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvelistv5      | v3.1         | 4.3   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vendor_redhat  |              | 9.8   | CRITICAL |

The sources disagree on more than the number: the CNA record scores the issue as requiring low privileges (PR:L) with limited confidentiality impact (C:L) and no integrity or availability impact, while NVD and Red Hat score it as unauthenticated (PR:N) with full impact on all three. The description itself only supports retrieval of arbitrary certificates from the repository, so prioritise on whether the XKMS endpoint is reachable without authentication in your deployment rather than on the headline 9.8.