CVE-2026-41919
Status: Modified - Updated After Analysis
LDAP Injection in Apache OFBiz

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: Apache Software Foundation

Description
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-05-19
Sources: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: apache
Product: ofbiz
Version / Range: all versions before 24.09.06 (24.09.06 itself excluded)
Weakness
CWE-90: The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The CVE-2026-41919 vulnerability in Apache OFBiz is an LDAP injection flaw that allows attackers to bypass authentication mechanisms due to improper neutralization of special LDAP elements.

Such an authentication bypass can lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require strict access controls and protection of personal and health information.

Therefore, if exploited, this vulnerability could result in violations of these standards by exposing sensitive data or allowing unauthorized actions within affected systems.

Upgrading to Apache OFBiz version 24.09.06 or later is recommended to mitigate this risk and help maintain compliance.


Can you explain this vulnerability to me?

This vulnerability is an LDAP Injection issue in Apache OFBiz before version 24.09.06. LDAP Injection occurs when special elements used in LDAP queries are not properly neutralized, allowing an attacker to manipulate the LDAP query. This can lead to unauthorized access or modification of LDAP data.
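The neutralization step this answer refers to, shown as an added example in Python. This is not code from the CVE record and not the Apache OFBiz code or fix, which the record does not reproduce; it models the general CWE-90 pattern with RFC 4515 filter escaping. The filter shape, the sample directory of user IDs and the names `build_user_filter_vulnerable` / `build_user_filter_hardened` are constructed for illustration.

```python
"""Added example (not from the CVE record or Apache OFBiz): an LDAP search
filter built from untrusted input, once by plain concatenation (the CWE-90
anti-pattern) and once with RFC 4515 escaping, plus a small model of how a
directory server would evaluate the resulting (uid=...) assertion."""

import re

# RFC 4515 section 3: these characters must be encoded in a filter assertion
# value as a backslash followed by two hex digits, otherwise they change the
# structure or semantics of the filter rather than being matched literally.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Constructed sample directory: the uid values the filter is evaluated against.
SAMPLE_UIDS = ["alice", "bob", "carol"]


def escape_filter_value(value: str) -> str:
    """Neutralize LDAP filter metacharacters in an assertion value."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter_vulnerable(username: str) -> str:
    """The anti-pattern: untrusted input concatenated straight into the filter.
    Constructed filter shape; a '*' or parenthesis in username alters it."""
    return f"(&(objectClass=person)(uid={username}))"


def build_user_filter_hardened(username: str) -> str:
    """Same filter, with the value escaped so the server matches it literally."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def count_open_parens(ldap_filter: str) -> int:
    """Structural check: a well-formed filter of this shape has exactly three
    raw '(' characters. Escaped parentheses (\\28, \\29) are not counted,
    so a higher count means the input changed the filter's structure."""
    return ldap_filter.count("(")


def _decode_escapes(value: str) -> str:
    """Turn RFC 4515 \\XX sequences back into the literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def uid_assertion_matches(assertion_value: str, uid: str) -> bool:
    """Minimal model of server-side evaluation of a (uid=...) assertion:
    a raw '*' is a substring wildcard; escaped sequences are literals."""
    parts = [re.escape(_decode_escapes(p)) for p in assertion_value.split("*")]
    return re.fullmatch(".*".join(parts), uid) is not None


def count_matching_users(ldap_filter: str, directory_uids) -> int:
    """Extract the uid assertion from a filter of the constructed shape and
    count how many directory entries it would match."""
    m = re.search(r"\(uid=([^)]*)\)", ldap_filter)
    if m is None:
        return 0
    return sum(uid_assertion_matches(m.group(1), uid) for uid in directory_uids)


if __name__ == "__main__":
    for name in ["alice", "*", "O'Brien (admin)"]:
        vuln = build_user_filter_vulnerable(name)
        safe = build_user_filter_hardened(name)
        print(f"input {name!r}")
        print(f"  concatenated: {vuln}  parens={count_open_parens(vuln)}"
              f"  matches={count_matching_users(vuln, SAMPLE_UIDS)}")
        print(f"  escaped:      {safe}  parens={count_open_parens(safe)}"
              f"  matches={count_matching_users(safe, SAMPLE_UIDS)}")
```

Two things are worth noticing when running it. A bare `*` concatenated into the filter becomes a presence assertion that matches every user in the sample directory, whereas the escaped `\2a` matches only a uid that is literally an asterisk. A perfectly legitimate value containing parentheses changes the number of structural parentheses in the concatenated filter and breaks it, while the escaped form keeps the intended three-assertion structure, which is also the property a unit test or code review can check for.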


How can this vulnerability impact me?

The impact of this vulnerability can include unauthorized access to sensitive information stored in LDAP directories, modification of LDAP data, or bypassing authentication mechanisms. This can compromise the security and integrity of the system using Apache OFBiz.


What immediate steps should I take to mitigate this vulnerability?

Users are recommended to upgrade Apache OFBiz to version 24.09.06, which fixes the LDAP Injection vulnerability.

