CVE-2026-44930: Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository
Published May 22, 2026
·Updated
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Affected Software
1 affected component
Apache Apache CXF<4.2.1, <4.1.6, <3.6.11
Event History
May 22, 2026
CVE Published
via MITRE·12:16 PM
Data Sourced
via MITRE·12:16 PM
DescriptionWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-44930?
CVE-2026-44930 has a risk rating of 28, indicating a high severity vulnerability.
2
How do I fix CVE-2026-44930?
To fix CVE-2026-44930, upgrade to Apache CXF version 4.2.1, 4.1.6, or 3.6.11.
3
What is the impact of CVE-2026-44930?
CVE-2026-44930 allows attackers to perform LDAP injection, potentially retrieving arbitrary certificates from the XKMS LDAP repository.
4
Which versions of Apache CXF are affected by CVE-2026-44930?
Versions prior to 4.2.1, 4.1.6, and 3.6.11 of Apache CXF are affected by CVE-2026-44930.
5
When was CVE-2026-44930 published?
CVE-2026-44930 was published on May 22, 2026.