An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Cxf
APPApache4.2.0< 3.6.114.0.0 – 4.1.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-49875CRITICAL9.8PL ✓ten sam produkt
Apache CXF: podatność XXE w EndpointReferenceUtils i W3CMultiSchemaFactory
CVE-2026-50628CRITICAL9.8PL ✓ten sam produkt
Apache CXF: błąd logiki w OAuthRequestFilter odwraca weryfikację IP
CVE-2026-50627CRITICAL9.1PL ✓ten sam produkt
Apache CXF: brak weryfikacji pola 'aud' w tokenach JWT (Token Confusion)
CVE-2025-48913CRITICAL9.8PL ✓ten sam produkt
Apache CXF: RCE przez złośliwe URL w konfiguracji JMS
CVE-2024-29736CRITICAL9.1PL ✓ten sam produkt
SSRF w opisie usług WADL w Apache CXF