Zurück zur CVE-Übersicht
CVE-2026-44930
CRITICAL(9.8)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score25/100 — MITTEL
- CVSS 9.8 — Kritisch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
GitHub Advisories
GHSA-pg32-686q-qh6xCRITICAL
Apache CXF has an LDAP injection vulnerability
maven/org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap→ 4.2.1
GitHub AdvisoryReferenzen
- https://lists.apache.org/thread/c1zqxppo1m5z3kbdhjn5p991zk09ynkh
- http://www.openwall.com/lists/oss-security/2026/05/22/9
- https://access.redhat.com/errata/RHSA-2026:37390
- https://access.redhat.com/security/cve/CVE-2026-44930
- https://bugzilla.redhat.com/show_bug.cgi?id=2480728
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44930.json