SecBoard
Zurück zur CVE-Übersicht

CVE-2026-44930

CRITICAL(9.8)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Risk Signal Score25/100 — MITTEL
  • CVSS 9.8 — Kritisch

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

9.8

Technische Schwere

Beschreibung

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

GitHub Advisories

GHSA-pg32-686q-qh6xCRITICAL

Apache CXF has an LDAP injection vulnerability

maven/org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap4.2.1
GitHub Advisory

Referenzen