CVE-2026-44930

Severity: Critical (updated)
Published: 22 May 2026
Modified: 30 June 2026
Patch: available (see fixed versions below)
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0068 (47.8th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2026-44930 is a critical-severity LDAP Injection (CWE-90) vulnerability in Apache CXF. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 47.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

CWE(s)

CWE-90 LDAP Injection

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

LDAP injection in a public-facing XKMS server directly enables exploitation for unauthorized data retrieval (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

Affected Assets

Vendor: apache
Product: cxf
Versions: 4.2.0 · ≤ 3.6.11 · 4.0.0 to 4.1.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.