QSearchQSearch

CVE-2026-0636

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc

Published: 2026-04-15 · Last updated: 2026-05-19

Severity and scoring

CWE
CWE-90

Description

Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-42568 Yamcs is a mission control framework (4.3 MEDIUM)
  • CVE-2026-45559 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.9 MEDIUM)
  • CVE-2026-46745 Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltr... (5.3 MEDIUM)
  • CVE-2026-44063 An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obt... (4.2 MEDIUM)
  • CVE-2026-41919 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz (9.1 CRITICAL)