CVE Catalog

CVE-2026-44930

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.68%

48th percentile — higher than 48% of all known CVEs

Summary

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.

Risk Assessment

An attacker could gain unauthorized access to sensitive certificates, potentially compromising the confidentiality and integrity of communications within the organization.

Recommendation

Upgrade Apache CXF to versions 4.2.1, 4.1.6, or 3.6.11, which contain the fix for this vulnerability.

Original NVD description (English source)

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS