VYPR

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Abstraction: Base   Status: Draft

Description

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
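Added example, not code from the CWE entry or from any product in the list below: the weakness as it appears in the two places the CVEs on this page describe, a search filter built by string interpolation and a bind DN filled into a template, each beside a hardened form. Filter values are escaped per RFC 4515 and DN values per RFC 4514 (the successor of RFC 2253); the base DN, attribute names and the sample usernames are assumptions, and nothing contacts a directory server, so the effect of an unescaped value can be inspected offline.

```python
"""CWE-90: LDAP filter and DN construction, vulnerable vs hardened (added example)."""

# RFC 4515 section 3: inside a filter assertion value, '*', '(', ')', '\'
# and NUL must be written as a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


# RFC 4514 section 2.4: inside a DN attribute value, ',', '+', '"', '\', '<',
# '>', ';', a leading '#', and a leading or trailing space are backslash
# escaped; NUL is written as \00.
_DN_SPECIALS = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append(r"\#")
        elif ch == " " and (i == 0 or i == last):
            out.append(r"\ ")
        else:
            out.append(ch)
    return "".join(out)


# Assumed base DN and attribute layout for the examples below.
BASE_DN = "ou=people,dc=example,dc=com"


def vulnerable_user_filter(username: str) -> str:
    """The CWE-90 pattern: the username is interpolated into the filter verbatim."""
    return f"(&(objectClass=person)(uid={username}))"


def hardened_user_filter(username: str) -> str:
    """Same filter, with the value escaped before interpolation."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def vulnerable_bind_dn(username: str, base: str = BASE_DN) -> str:
    """DN template filled without escaping: a ',' in the name adds an RDN."""
    return f"uid={username},{base}"


def hardened_bind_dn(username: str, base: str = BASE_DN) -> str:
    """DN template filled with the RDN value escaped."""
    return f"uid={escape_dn_value(username)},{base}"


def filter_components(ldap_filter: str) -> int:
    """Count structural '(' in a filter. Escaped parentheses are written as
    \\28 and \\29, so every literal '(' left in the string opens a real
    component; a user value that raises this count has changed the query."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed payload: closes the uid assertion and appends a wildcard one.
    payload = "*)(uid=*"
    for build in (vulnerable_user_filter, hardened_user_filter):
        f = build(payload)
        print(f"{build.__name__}: {f}  components={filter_components(f)}")
    for build in (vulnerable_bind_dn, hardened_bind_dn):
        print(f"{build.__name__}: {build('alice,ou=admins')}")
```

Escaping the value rather than validating the whole filter is the fix the listed advisories describe; client libraries already ship it (python-ldap's `ldap.filter.escape_filter_chars`, ldap3's `ldap3.utils.conv.escape_filter_chars`), and the hand-written versions above exist only so the example runs without a dependency. One caveat: if the application intends to let users search with wildcards, the `*` must be added by the application after escaping, never accepted from the input.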

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-136: LDAP Injection

CVEs mapped to this weakness (42)

page 2 of 3
  • CVE-2025-27631   Medium   Mar 25, 2025
    risk 0.42   cvss 6.5   epss 0.00

    The TRMTracker web application is vulnerable to an LDAP injection attack, potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.

  • CVE-2022-2232   High   Nov 14, 2024
    risk 0.42   cvss 7.5   epss 0.01

    A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

  • CVE-2015-7294   High   Sep 6, 2017
    risk 0.42   cvss 7.5   epss 0.02

    ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.

  • CVE-2026-45559   Medium   Jun 10, 2026
    risk 0.32   cvss 4.9   epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim…

  • CVE-2026-42568   Medium   Jun 10, 2026
    risk 0.31   cvss 4.3   epss 0.01

    Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515…

  • CVE-2026-0636   Medium   Apr 15, 2026
    risk 0.29   cvss n/a   epss 0.00

    Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from…

  • CVE-2026-46745   Medium   May 25, 2026
    risk 0.27   cvss 5.3   epss 0.01

    Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible,…

  • CVE-2026-33609   Medium   Apr 22, 2026
    risk 0.27   cvss 5.3   epss 0.00

    Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.

  • CVE-2026-40606   Medium   Apr 21, 2026
    risk 0.24   cvss 4.8   epss 0.00

    mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers, and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when…

  • CVE-2026-44063   Medium   May 21, 2026
    risk 0.20   cvss 4.2   epss 0.00

    An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted filter input.

  • CVE-2026-27860   Low   Mar 27, 2026
    risk 0.17   cvss 3.7   epss 0.00

    If auth_username_chars is empty, it is possible to inject an arbitrary LDAP filter into Dovecot's LDAP authentication. This potentially bypasses restrictions and allows probing of the LDAP structure. Do not clear out auth_username_chars, or install a fixed version. No publicly…

  • CVE-2026-55770   Jun 19, 2026
    risk 0.00   cvss n/a   epss n/a

    Description. Component: `sdk/helper/ldaputil/client.go`, the shared LDAP utility library used by both the LDAP authentication backend and the OpenLDAP secrets engine to construct LDAP search filters and bind DNs. Root cause: the LDAP utility contains a function…

  • CVE-2026-49268   Jun 17, 2026
    risk 0.00   cvss n/a   epss 0.00

    A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input is directly concatenated into the LDAP DN template without any escaping of RFC 2253 special characters. This allows an…

  • CVE-2026-33751   Mar 25, 2026
    risk 0.00   cvss n/a   epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In…

  • CVE-2026-31828   Mar 10, 2026
    risk 0.00   cvss n/a   epss 0.00

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.13 and 8.6.26, the LDAP authentication adapter is vulnerable to LDAP injection. User-supplied input (authData.id) is interpolated directly into LDAP…

  • CVE-2026-24130   Jan 22, 2026
    risk 0.00   cvss n/a   epss 0.00

    Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response…

  • CVE-2025-12764   Nov 13, 2025
    risk 0.00   cvss n/a   epss 0.00

    pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and the client to process an unusual amount of data (denial of service).

  • CVE-2025-4573   Jun 11, 2025
    risk 0.00   cvss n/a   epss 0.00

    Mattermost versions 10.7.x <= 10.7.1, 10.6.x <= 10.6.3, 10.5.x <= 10.5.4, 9.11.x <= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter…

  • CVE-2024-31867   Apr 9, 2024
    risk 0.00   cvss n/a   epss 0.02

    Improper Input Validation vulnerability in Apache Zeppelin. Attackers can execute malicious queries by setting improper configuration properties for the LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version…

  • CVE-2021-41232   Nov 2, 2021
    risk 0.00   cvss n/a   epss 0.01

    Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been…