CVE Catalog

CVE-2026-41919

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-41919 describes an improper neutralization of special elements used in LDAP queries, leading to LDAP Injection vulnerability in Apache OFBiz.

Risk Assessment

An attacker could exploit this vulnerability to manipulate LDAP queries, potentially leading to unauthorized access to data or systems.

Recommendation

Users are advised to upgrade to version 24.09.06 of Apache OFBiz, which fixes the issue.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS