Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-90

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

64 vulnerabilities with CWE-90

CVE-2026-42568 MEDIUM

YAMCS yamcs-core 5.12.7 - LDAP Injection

CVE-2026-45559 MEDIUM

Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)

CVE-2026-46745 MEDIUM

Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

CVE-2026-44930 CRITICAL

Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

CVE-2026-44063 MEDIUM

Netatalk 2.1.0-4.4.2 and >=4.5.0 - Authenticated LDAP Injection via Crafted Filter Input

CVE-2026-41919 CRITICAL

Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

CVE-2026-44671 HIGH

ZITADEL: LDAP Filter Injection in Login Flow

CVE-2026-44304 HIGH

Lemur: LDAP Filter Injection enables post-authentication privilege escalation

CVE-2026-33609 MEDIUM

LDAP DN injection

CVE-2026-40606 MEDIUM

ProxyAuth Addon LDAP Injection in mitmproxy

CVE-2026-40459 HIGH

LDAP Injection in PAC4J

CVE-2026-40193 HIGH

Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

CVE-2026-0636 MEDIUM

LDAP Injection Vulnerability in LDAPStoreHelper.java

CVE-2026-39962 CRITICAL

LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable

CVE-2026-34578 HIGH

OPNsense <26.1.6 WebGUI Login Username - LDAP Injection

CVE-2026-29138 HIGH

SEPPmail Secure Email Gateway - PGP Decryption Sender LDAP Injection

CVE-2026-29131 HIGH

SEPPmail Secure Email Gateway - PGP Decryption Recipient LDAP Injection

CVE-2026-27860 LOW

OX Dovecot Pro <3.1.0 - Auth Bypass

CVE-2026-33751 MEDIUM

n8n Vulnerable to LDAP Filter Injection in LDAP Node

CVE-2026-33289 HIGH

SuiterCRM has LDAP Filter Injection in Authentication Module

CVE-2026-31828 HIGH

Parse Server <9.5.2-alpha.13/8.6.26 - LDAP Injection

CVE-2026-25560 CRITICAL

WeKan < 8.19 - LDAP Injection in Authentication Filter

CVE-2026-1498 HIGH

WatchGuard Fireware OS - Info Disclosure

CVE-2026-24130 MEDIUM

Moonraker < 0.10.0 - LDAP Injection via Login Endpoint

CVE-2026-21880 MEDIUM

kanboard < 1.2.49 - LDAP Injection in Authentication Mechanism

Page 1 of 3 Next

Details

Vulnerabilities 64

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy