CVE-2026-41919 PUBLISHED

Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Elements in DN Construction

Assigner: apache
Reserved: 22.04.2026 Published: 19.05.2026 Updated: 19.05.2026

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: before 24.09.06.

Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache OFBiz
Versions Default: unaffected
  • affected from 0 to 24.09.06 (excl.)

Credits

  • zhaokaifei (China Telecom) reporter

References

Problem Types

  • CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') CWE