CVE-2026-41919
Description
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LDAP injection vulnerability in Apache OFBiz allows authentication bypass; upgrade to 24.09.06.
Vulnerability
Improper neutralization of special elements used in an LDAP query (LDAP injection) in Apache OFBiz before version 24.09.06 allows an attacker to manipulate LDAP queries. This affects all versions prior to the fix. [1]
Exploitation
An attacker with network access to the vulnerable OFBiz instance can craft malicious input to LDAP queries, bypassing authentication checks. No special privileges are required. [1]
Impact
Successful exploitation leads to authentication bypass, granting the attacker unauthorized access to the application and potentially sensitive data. [1]
Mitigation
Upgrade to Apache OFBiz version 24.09.06 or later, which resolves the vulnerability. No workarounds are documented. [1]
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References
- lists.apache.org/thread/592czh9o69n74c036vy30fnqknocw74p (source: nvd; Mailing List, Vendor Advisory)
- www.openwall.com/lists/oss-security/2026/05/19/27 (source: nvd)