CWE-90
AllowedImproper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Abstraction: Base · Status: Draft
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
114 vulnerabilities reference this CWE, most recent first.
CVE-2026-27860 (GCVE-0-2026-27860)
Vulnerability from cvelistv5 – Published: 2026-03-27 08:10 – Updated: 2026-03-27 12:33- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| URL | Tags |
|---|---|
| https://documentation.open-xchange.com/dovecot/se… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Open-Xchange GmbH | OX Dovecot Pro |
Affected:
0 , ≤ 3.1.0
(semver)
Affected: 0 , ≤ 2.4.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T12:33:33.962683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:33:57.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"core"
],
"product": "OX Dovecot Pro",
"vendor": "Open-Xchange GmbH",
"versions": [
{
"lessThanOrEqual": "3.1.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.4.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot\u0027s LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are known."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T12:33:33.940Z",
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://documentation.open-xchange.com/dovecot/security/advisories/csaf/2026/oxdc-adv-2026-0001.json"
}
],
"source": {
"defect": "DOV-8775",
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"cveId": "CVE-2026-27860",
"datePublished": "2026-03-27T08:10:22.695Z",
"dateReserved": "2026-02-24T08:46:09.374Z",
"dateUpdated": "2026-03-27T12:33:57.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25560 (GCVE-0-2026-25560)
Vulnerability from cvelistv5 – Published: 2026-02-07 21:56 – Updated: 2026-07-14 15:53- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| URL | Tags |
|---|---|
| https://github.com/wekan/wekan/commit/0b0e16c3eae… | patch |
| https://wekan.fi/ | product |
| https://www.vulncheck.com/advisories/wekan-ldap-a… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25560",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T16:19:22.225789Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:19:54.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/wekan/wekan",
"product": "WeKan",
"repo": "https://github.com/wekan/wekan",
"vendor": "WeKan",
"versions": [
{
"lessThan": "8.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wekan_project:wekan:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication."
}
],
"value": "WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate LDAP queries during authentication."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T15:53:44.594Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/wekan/wekan/commit/0b0e16c3eae28bbf453d33a81a9c58ce7db6d5bb"
},
{
"tags": [
"product"
],
"url": "https://wekan.fi/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/wekan-ldap-authentication-filter-injection"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WeKan \u003c 8.19 LDAP Authentication Filter Injection",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-25560",
"datePublished": "2026-02-07T21:56:19.152Z",
"dateReserved": "2026-02-02T20:12:33.396Z",
"dateUpdated": "2026-07-14T15:53:44.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24130 (GCVE-0-2026-24130)
Vulnerability from cvelistv5 – Published: 2026-01-22 22:53 – Updated: 2026-01-23 20:03| URL | Tags |
|---|---|
| https://github.com/Arksine/moonraker/security/adv… | x_refsource_CONFIRM |
| https://github.com/Arksine/moonraker/commit/74c5d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-23T20:03:39.265186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T20:03:49.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "moonraker",
"vendor": "Arksine",
"versions": [
{
"status": "affected",
"version": "\u003c 0.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the \"ldap\" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:53:34.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Arksine/moonraker/security/advisories/GHSA-3jqf-v4mv-747g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Arksine/moonraker/security/advisories/GHSA-3jqf-v4mv-747g"
},
{
"name": "https://github.com/Arksine/moonraker/commit/74c5d8e44c4a4abbfbb06fb991e7ebb9ac947f42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Arksine/moonraker/commit/74c5d8e44c4a4abbfbb06fb991e7ebb9ac947f42"
}
],
"source": {
"advisory": "GHSA-3jqf-v4mv-747g",
"discovery": "UNKNOWN"
},
"title": "Moonraker with LDAP Enabled Allows Malicious Search Filter Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24130",
"datePublished": "2026-01-22T22:53:34.769Z",
"dateReserved": "2026-01-21T18:38:22.474Z",
"dateUpdated": "2026-01-23T20:03:49.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21880 (GCVE-0-2026-21880)
Vulnerability from cvelistv5 – Published: 2026-01-08 00:59 – Updated: 2026-01-08 18:29| URL | Tags |
|---|---|
| https://github.com/kanboard/kanboard/security/adv… | x_refsource_CONFIRM |
| https://github.com/kanboard/kanboard/commit/dd374… | x_refsource_MISC |
| https://github.com/kanboard/kanboard/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21880",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T18:29:07.788117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T18:29:16.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanboard",
"vendor": "kanboard",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.49"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T00:59:20.338Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7"
},
{
"name": "https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586"
},
{
"name": "https://github.com/kanboard/kanboard/releases/tag/v1.2.49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanboard/kanboard/releases/tag/v1.2.49"
}
],
"source": {
"advisory": "GHSA-v66r-m28r-wmq7",
"discovery": "UNKNOWN"
},
"title": "Kanboard LDAP Injection Vulnerability can Lead to User Enumeration and Information Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21880",
"datePublished": "2026-01-08T00:59:20.338Z",
"dateReserved": "2026-01-05T17:24:36.928Z",
"dateUpdated": "2026-01-08T18:29:16.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13696 (GCVE-0-2026-13696)
Vulnerability from cvelistv5 – Published: 2026-07-07 11:15 – Updated: 2026-07-07 13:23- CWE-90 - Improper neutralization of special elements used in an LDAP query ('LDAP injection')
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| HAVELSAN Inc. | Liman MYS |
Affected:
0 , < release.master.1107
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T13:23:27.581114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T13:23:40.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liman MYS",
"vendor": "HAVELSAN Inc.",
"versions": [
{
"lessThan": "release.master.1107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Enes Can ADIL"
}
],
"datePublic": "2026-07-07T11:13:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\u003cp\u003eThis issue affects Liman MYS: before release.Master.1107.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.\n\nThis issue affects Liman MYS: before release.Master.1107."
}
],
"impacts": [
{
"capecId": "CAPEC-136",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-136 LDAP Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T11:15:55.926Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504"
}
],
"source": {
"advisory": "TR-26-0504",
"defect": [
"TR-26-0504"
],
"discovery": "UNKNOWN"
},
"title": "LDAP Injection in HAVELSAN\u0027s Liman MYS",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-13696",
"datePublished": "2026-07-07T11:15:55.926Z",
"dateReserved": "2026-06-29T11:13:06.325Z",
"dateUpdated": "2026-07-07T13:23:40.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4256 (GCVE-0-2026-4256)
Vulnerability from cvelistv5 – Published: 2026-07-09 13:15 – Updated: 2026-07-09 13:42- CWE-90 - Improper neutralization of special elements used in an LDAP query ('LDAP injection')
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| PEAKUP Technology Inc. | PassGate |
Affected:
0 , ≤ 30042026
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T13:41:56.831228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:42:03.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PassGate",
"vendor": "PEAKUP Technology Inc.",
"versions": [
{
"lessThanOrEqual": "30042026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Eren Can \u00d6ZMEN"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.\u003cp\u003eThis issue affects PassGate: through 30042026.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.\n\nThis issue affects PassGate: through 30042026."
}
],
"impacts": [
{
"capecId": "CAPEC-136",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-136 LDAP Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T13:15:55.283Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0523"
}
],
"source": {
"advisory": "TR-26-0523",
"defect": [
"TR-26-0523"
],
"discovery": "UNKNOWN"
},
"title": "LDAP Injection in PEAKUP\u0027s PassGate",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-4256",
"datePublished": "2026-07-09T13:15:55.283Z",
"dateReserved": "2026-03-16T07:44:00.802Z",
"dateUpdated": "2026-07-09T13:42:03.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1498 (GCVE-0-2026-1498)
Vulnerability from cvelistv5 – Published: 2026-01-30 13:02 – Updated: 2026-02-02 16:32- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| Vendor | Product | Version | |
|---|---|---|---|
| WatchGuard | Fireware OS |
Affected:
12.0 , ≤ 12.11.6
(semver)
Affected: 12.5 , ≤ 12.5.15 (semver) Affected: 2025.1 , ≤ 2026.0 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-30T14:13:16.323800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T16:32:46.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fireware OS",
"vendor": "WatchGuard",
"versions": [
{
"lessThanOrEqual": "12.11.6",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "12.5.15",
"status": "affected",
"version": "12.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "2026.0",
"status": "affected",
"version": "2025.1",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0",
"versionEndIncluding": "12.11.6",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5",
"versionEndIncluding": "12.5.15",
"versionStartIncluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1",
"versionEndIncluding": "2026.0",
"versionStartIncluding": "2025.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user\u0027s valid passphrase.\u003cp\u003eThis issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.\u003c/p\u003e"
}
],
"value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user\u0027s valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0."
}
],
"impacts": [
{
"capecId": "CAPEC-136",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-136 LDAP Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-30T13:02:59.561Z",
"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"shortName": "WatchGuard"
},
"references": [
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"
}
],
"source": {
"advisory": "WGSA-2026-00001",
"defect": [
"FBX-31010"
],
"discovery": "INTERNAL"
},
"title": "WatchGuard Firebox LDAP Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
"assignerShortName": "WatchGuard",
"cveId": "CVE-2026-1498",
"datePublished": "2026-01-30T13:02:59.561Z",
"dateReserved": "2026-01-27T17:23:30.578Z",
"dateUpdated": "2026-02-02T16:32:46.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0636 (GCVE-0-2026-0636)
Vulnerability from cvelistv5 – Published: 2026-04-15 08:59 – Updated: 2026-07-15 11:47| Vendor | Product | Version | |
|---|---|---|---|
| Legion of the Bouncy Castle Inc. | BC-JAVA |
Affected:
1.74 , < 1.80.2
(maven)
Affected: 1.81 , < 1.81.1 (maven) Affected: 1.82 , < 1.84 (maven) |
|
| Red Hat | Red Hat AMQ Broker 7.12.7 |
cpe:/a:redhat:amq_broker:7.12 |
|
| Red Hat | Red Hat AMQ Broker 7.13.5 |
cpe:/a:redhat:amq_broker:7.13 |
|
| Red Hat | Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 |
cpe:/a:redhat:apache_camel_quarkus:3.27 |
|
| Red Hat | Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14 |
Unaffected:
debug-jdk15on , < *
(rpm)
cpe:/a:redhat:apache_camel_spring_boot:4.18 |
|
| Red Hat | Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14 |
cpe:/a:redhat:apache_camel_spring_boot:4.18 |
|
| Red Hat | Red Hat build of Quarkus 3.20.6.SP1 |
cpe:/a:redhat:quarkus:3.20::el8 |
|
| Red Hat | Red Hat build of Quarkus 3.27.3.SP1 |
cpe:/a:redhat:quarkus:3.27::el8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 |
Unaffected:
ext-jdk15on , < *
(rpm)
Unaffected: ext-jdk18on , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 |
Unaffected:
0:1.84.0-1.redhat_00001.1.el8eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 |
Unaffected:
0:1.84.0-1.redhat_00001.1.el9eap , < *
(rpm)
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
Unaffected:
1779528224 , < *
(rpm)
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
Unaffected:
1779359423 , < *
(rpm)
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | Red Hat AMQ Broker 7 |
cpe:/a:redhat:amq_broker:7 |
|
| Red Hat | Red Hat AMQ Clients |
cpe:/a:redhat:amq_clients:2023 |
|
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 |
cpe:/a:redhat:camel_quarkus:3 |
|
| Red Hat | Red Hat build of Apicurio Registry 3 |
cpe:/a:redhat:apicurio_registry:3 |
|
| Red Hat | Red Hat build of Debezium 3 |
cpe:/a:redhat:debezium:3 |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Red Hat | streams for Apache Kafka 2 |
cpe:/a:redhat:amq_streams:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T13:12:14.838595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T13:12:22.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7.12"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat AMQ Broker 7.12.7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7.13"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat AMQ Broker 7.13.5",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_quarkus:3.27"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.18"
],
"defaultStatus": "affected",
"packageName": "bcprov",
"product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "debug-jdk15on",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.18"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.18"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.18"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-lts8on",
"product": "Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:3.20::el8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Quarkus 3.20.6.SP1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:quarkus:3.27::el8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Quarkus 3.27.3.SP1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "affected",
"packageName": "bcprov",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "ext-jdk15on",
"versionType": "rpm"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "ext-jdk18on",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk12",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15to18",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-bouncycastle",
"product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.84.0-1.redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-bouncycastle",
"product": "Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.84.0-1.redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"packageName": "devspaces/openvsx-rhel9",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779528224",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"packageName": "devspaces/pluginregistry-rhel9",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1779359423",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "jenkins",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "jenkins-2-plugins",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "ocp-tools-4/jenkins-rhel8",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"packageName": "ocp-tools-4/jenkins-rhel9",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_broker:7"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat AMQ Broker 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_clients:2023"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat AMQ Clients",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:camel_quarkus:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Apache Camel 4 for Quarkus 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:apicurio_registry:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-lts8on",
"product": "Red Hat build of Apicurio Registry 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-ext-jdk15on",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"packageName": "bcprov-lts8on",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15to18",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "pki-core:10.6/resteasy",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pki-deps:10.6/resteasy",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "jmc",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "resteasy",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-debug-jdk18on",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-ext-jdk15on",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-ext-jdk18on",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15to18",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk16",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk12",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-ext-jdk15on",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-ext-jdk18on",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk12",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15to18",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on-1.83.0.redhat-00001.jar",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-modelmesh-rhel8",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-modelmesh-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15to18",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "candlepin",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"packageName": "satellite:el8/candlepin",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"packageName": "bcprov-jdk15on",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk15on",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"packageName": "bcprov-jdk18on",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-15T08:59:12.677Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, potentially leading to disclosure of sensitive information or the manipulation of directory search queries."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T11:47:42.222Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-0636"
},
{
"name": "RHBZ#2458641",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458641"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0636.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18055"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14276"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14272"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13631"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18059"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17668"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11721"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:18054: Red Hat JBoss EAP 8.1 for RHEL 8"
},
{
"lang": "en",
"value": "RHSA-2026:18055: Red Hat JBoss EAP 8.1 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14276: Red Hat AMQ Broker 7.12.7"
},
{
"lang": "en",
"value": "RHSA-2026:14272: Red Hat AMQ Broker 7.13.5"
},
{
"lang": "en",
"value": "RHSA-2026:13631: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
},
{
"lang": "en",
"value": "RHSA-2026:18059: Red Hat JBoss Enterprise Application Platform 8.1"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14"
},
{
"lang": "en",
"value": "RHSA-2026:11720: Red Hat build of Quarkus 3.20.6.SP1"
},
{
"lang": "en",
"value": "RHSA-2026:11721: Red Hat build of Quarkus 3.27.3.SP1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-15T10:01:32.911Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-15T08:59:12.677Z",
"value": "Made public."
}
],
"title": "bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this flaw, sanitize all user-supplied input to remove or escape LDAP special characters before passing it to the LDAPStoreHelper for directory queries. If the input contains unexpected metacharacters such as asterisks, parentheses or backslashes, reject the request or escape the characters."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.bouncycastle.org/download/bouncy-castle-java/",
"defaultStatus": "unaffected",
"modules": [
"prov"
],
"packageName": "bcprov",
"platforms": [
"all"
],
"product": "BC-JAVA",
"programFiles": [
"LDAPStoreHelper"
],
"repo": "https://github.com/bcgit/bc-java",
"vendor": "Legion of the Bouncy Castle Inc.",
"versions": [
{
"lessThan": "1.80.2",
"status": "affected",
"version": "1.74",
"versionType": "maven"
},
{
"lessThan": "1.81.1",
"status": "affected",
"version": "1.81",
"versionType": "maven"
},
{
"lessThan": "1.84",
"status": "affected",
"version": "1.82",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Prasanth Sundararajan (prasanth.srihari@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).\u003cp\u003e This vulnerability is associated with program files LDAPStoreHelper.\u003c/p\u003e\u003cp\u003eThis issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027) vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules).\n\n This vulnerability is associated with program files LDAPStoreHelper.\n\n\n\nThis issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/S:N/AU:Y/R:A/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper neutralization of special elements used in an LDAP query (\u0027LDAP injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T23:20:07.728Z",
"orgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
"shortName": "bcorg"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%900636"
},
{
"tags": [
"patch"
],
"url": "https://github.com/bcgit/bc-java/commit/d20cdb8430e09224114fec0179a71859929fcbde"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LDAP Injection Vulnerability in LDAPStoreHelper.java",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "91579145-5d7b-4cc5-b925-a0262ff19630",
"assignerShortName": "bcorg",
"cveId": "CVE-2026-0636",
"datePublished": "2026-04-15T08:59:12.677Z",
"dateReserved": "2026-01-06T03:18:21.572Z",
"dateUpdated": "2026-07-15T11:47:42.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67493 (GCVE-0-2025-67493)
Vulnerability from cvelistv5 – Published: 2025-12-17 21:09 – Updated: 2026-05-22 20:41| URL | Tags |
|---|---|
| https://github.com/homarr-labs/homarr/security/ad… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| homarr-labs | homarr |
Affected:
< 1.45.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67493",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:56:10.125990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:09:27.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "homarr",
"vendor": "homarr-labs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.45.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T20:41:35.171Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/homarr-labs/homarr/security/advisories/GHSA-59gp-q3xx-489q"
}
],
"source": {
"advisory": "GHSA-59gp-q3xx-489q",
"discovery": "UNKNOWN"
},
"title": "Homarr: missing input sanitization and possible privilege escalation through ldap search query injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67493",
"datePublished": "2025-12-17T21:09:44.090Z",
"dateReserved": "2025-12-08T18:49:47.487Z",
"dateUpdated": "2026-05-22T20:41:35.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-52575 (GCVE-0-2025-52575)
Vulnerability from cvelistv5 – Published: 2025-07-21 17:48 – Updated: 2025-07-21 18:09- CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| URL | Tags |
|---|---|
| https://github.com/espocrm/espocrm/security/advis… | x_refsource_CONFIRM |
| https://github.com/espocrm/espocrm/commit/8649f1a… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T18:07:22.509286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T18:09:07.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "espocrm",
"vendor": "espocrm",
"versions": [
{
"status": "affected",
"version": "\u003c 9.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote, unauthenticated attacker can manipulate LDAP queries by injecting crafted input containing wildcard characters (e.g., *). This may allow the attacker to bypass authentication controls, enumerate valid usernames, or retrieve sensitive directory information depending on the LDAP server configuration. This was fixed in version 9.1.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T17:48:11.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/espocrm/espocrm/security/advisories/GHSA-rjm8-77fr-4f3v"
},
{
"name": "https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/espocrm/espocrm/commit/8649f1ac0ce714b2c31727bca3dd95d06e17337f"
}
],
"source": {
"advisory": "GHSA-rjm8-77fr-4f3v",
"discovery": "UNKNOWN"
},
"title": "EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52575",
"datePublished": "2025-07-21T17:48:11.466Z",
"dateReserved": "2025-06-18T03:55:52.037Z",
"dateUpdated": "2025-07-21T18:09:07.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.