CVE-2026-41919
CRITICALDescription
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Is your site exposed to CVE-2026-41919?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | ofbiz |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-41919? +
How severe is CVE-2026-41919? +
What products are affected by CVE-2026-41919? +
How do I check if I'm vulnerable to CVE-2026-41919? +
Related Vulnerabilities
A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied username input …
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker …
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is …
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based …
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat . The attacker needs …