COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-44930

CVE-2026-44930

Severity
critical
Source
NVD · cve
Published
2026-05-22
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-44930
shame 35/100

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Players implicated

apache · vendorcxf · product

Description

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.