CVE-2026-4256 PUBLISHED

LDAP Injection in PEAKUP's PassGate

Assigner: TR-CERT
Reserved: 16.03.2026 Published: 09.07.2026 Updated: 09.07.2026

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP Technology Inc. PassGate allows LDAP Injection.

This issue affects PassGate: through 30042026.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CVSS Score: 8.2

Product Status

Vendor PEAKUP Technology Inc.
Product PassGate
Versions Default: unaffected
  • affected from 0 to 30042026 (incl.)

Credits

  • Eren Can ÖZMEN finder

References

Problem Types

  • CWE-90 Improper neutralization of special elements used in an LDAP query ('LDAP injection') CWE

Impacts

  • CAPEC-136 LDAP Injection