VYPR

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

BaseDraft

Description

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-136

CVEs mapped to this weakness (42)

page 1 of 3
  • CVE-2016-9299CriJan 12, 2017
    risk 0.68cvss 9.8epss 0.97

    The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

  • CVE-2026-44930CriMay 22, 2026
    risk 0.64cvss 9.8epss 0.00

    An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

  • CVE-2011-4069CriFeb 1, 2018
    risk 0.64cvss 9.8epss 0.02

    html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

  • CVE-2017-14596CriSep 20, 2017
    risk 0.64cvss 9.8epss 0.06

    In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

  • CVE-2017-8790CriMay 5, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

  • CVE-2026-41919CriMay 19, 2026
    risk 0.59cvss 9.1epss 0.00

    Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-40459HigApr 17, 2026
    risk 0.57cvss 8.8epss 0.01

    PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J…

  • CVE-2026-39962CriApr 9, 2026
    risk 0.55cvss 9.6epss 0.00

    MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use…

  • CVE-2026-44304HigMay 12, 2026
    risk 0.53cvss 8.1epss 0.00

    Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module (lemur/auth/ldap.py) constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through…

  • CVE-2026-29138HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.

  • CVE-2026-29131HigApr 2, 2026
    risk 0.49cvss 7.5epss 0.00

    SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users.

  • CVE-2023-3447HigJun 29, 2023
    risk 0.49cvss 7.6epss 0.00

    The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account…

  • CVE-2017-4927HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.02

    VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

  • CVE-2024-56841HigJan 14, 2025
    risk 0.48cvss 7.4epss 0.00

    A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

  • CVE-2026-40193HigApr 16, 2026
    risk 0.46cvss 8.2epss 0.00

    maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter…

  • CVE-2026-34578HigApr 9, 2026
    risk 0.46cvss 8.2epss 0.00

    OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap_escape(). An unauthenticated attacker can inject LDAP filter metacharacters…

  • CVE-2026-1498HigJan 30, 2026
    risk 0.46cvss epss 0.01

    An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a…

  • CVE-2016-9870MedJan 23, 2017
    risk 0.44cvss 6.7epss 0.00

    EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the…

  • CVE-2016-8750MedFeb 19, 2018
    risk 0.43cvss 6.5epss 0.05

    Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.

  • CVE-2026-44671HigMay 14, 2026
    risk 0.42cvss 7.5epss 0.00

    ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search…