CVE-2026-44930
Published 2026-05-22
Priority: P261 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.7th percentile)
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.
Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cxf | < 3.6.11 | 3.6.11 |
| apache | cxf | — | — |
| apache | cxf | >= 4.0.0 < 4.1.6 | 4.1.6 |
| apache_software_foundation | apache_cxf | < 3.6.11 | 3.6.11 |
| apache_software_foundation | apache_cxf | >= 4.0.0 < 4.1.6 | 4.1.6 |
| apache_software_foundation | apache_cxf | >= 4.2.0 < 4.2.1 | 4.2.1 |
Detection & IOCs (extracted from sources)
- Vulnerable component is the LDAP Certificate repository of the XKMS server in Apache CXF, specifically the `cxf-services-xkms-x509-repo-ldap` package. Monitor for LDAP injection patterns in queries directed at this component.
- Target artifact for detection/inventory: `cxf-services-xkms-x509-repo-ldap`. Flag any deployment of this component in Red Hat build of Apache Camel for Spring Boot 4, Red Hat Fuse 7, or Red Hat JBoss Enterprise Application Platform Expansion Pack as affected.
- No authentication is required to exploit this vulnerability; treat any unauthenticated LDAP query traffic to the XKMS certificate repository endpoint as suspicious.
- Fixed versions are 4.2.1, 4.1.6, and 3.6.11. Any Apache CXF deployment running older versions with the XKMS LDAP repository enabled is vulnerable.
- No mitigation is currently available for Red Hat products; patching is the only remediation path.
- The fix for Red Hat Fuse 7 is deferred, meaning deployments on that platform remain exposed even after vendor acknowledgement.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| vendor_redhat | — | 9.8 | CRITICAL | — |
GHSA
Apache CXF has an LDAP injection vulnerability
ghsa · 2026-05-26 · CVE-2026-44930 [CRITICAL] · CWE-90
GHSA (unreviewed)
GHSA-pg32-686q-qh6x: An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certif
ghsa_unreviewed · 2026-05-26 · CVE-2026-44930 [CRITICAL] · CWE-90
VulDB
Apache CXF up to 3.6.10/4.1.5/4.2.0 Certificate LDAP injection (WID-SEC-2026-1659)
vuldb · 2026-05-22 · CVE-2026-44930 [LOW]
A vulnerability labeled as problematic has been found in Apache CXF up to 3.6.10/4.1.5/4.2.0. This affects an unknown function of the component Certificate Handler. Such manipulation leads to LDAP injection.
This vulnerability is documented as CVE-2026-44930. The attack requires being on the local network. There is no exploit available.
The affected component should be upgraded.
CVEList
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository
cvelistv5 · 2026-05-22 · CVE-2026-44930 [MEDIUM] · CWE-90 · CVSS 4.3
Red Hat
apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection
vendor_redhat · 2026-05-22 · CVE-2026-44930 [CRITICAL] · CWE-90 · CVSS 9.8
A flaw was found in Apache CXF. A remote attacker could exploit an LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server. This vulnerability allows the attacker to retrieve arbitrary certificates from the repository, leading to information disclosure.
Statement: This is an Important information disclosure flaw in Apache CXF's XKMS server, allowing a remote attacker to
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-44930 apache-cxf: org.apache.cxf.services.xkms/cxf-services-xkms-x509-repo-ldap: Apache CXF: Information Disclosure via LDAP Injection
bugzilla · 2026-05-22 · CVE-2026-44930 [CRITICAL] · CVSS 9.8
Hackernews
⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More
blogs_hackernews · 2026-06-01 · CVE-2026-0257 [HIGH] · CVSS 7.8
Monday hit like a cron job with anger issues.
A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivity, and AI lowering the bar for people who already thought 'curl | sh' had a personality.
The vibe is simple: old bugs, new wrappers, faster abuse. Patch the obvious crap first. Then read the rest.
## ⚡ Threat of the Week
PAN-OS GlobalProtect Authenticati