PT-2026-33452 · Pac4J
Published: 2026-04-17 · Updated: 2026-04-19 · CVE-2026-40459
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
- pac4j versions prior to 4.5.10
- pac4j versions prior to 5.7.10
- pac4j versions prior to 6.4.1
Description
LDAP injection is possible in multiple methods. A low-privileged remote attacker can inject crafted LDAP filter syntax into ID-based search parameters, which may lead to unauthorized LDAP queries and arbitrary directory operations.
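The advisory describes the general pattern behind this class of bug: an identifier taken from the request is concatenated into an LDAP search filter, so filter metacharacters in the identifier change the filter's structure instead of being matched as data. The following is an added illustration, not pac4j's code and not the fixed code from any of the listed releases. It shows the vulnerable concatenation next to two defensive layers: RFC 4515 escaping of the assertion value, and an allowlist for ID-style parameters (the identifier alphabet used here is an assumption for the example; match it to the directory schema in use). The sample inputs are constructed.

```python
import re

# RFC 4515 (section 3): characters with special meaning inside an LDAP
# filter assertion value; each must be emitted as a backslash plus two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an untrusted string for use as an assertion value in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Second layer for ID-style parameters: an allowlist of the identifier alphabet.
# The alphabet is an assumption for this example, not taken from the advisory.
_ID_PATTERN = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def is_valid_id(value: str) -> bool:
    """True if the value looks like a plain identifier with no filter syntax."""
    return _ID_PATTERN.fullmatch(value) is not None


def build_filter_unsafe(attr: str, user_id: str) -> str:
    """Vulnerable pattern: raw concatenation. Filter metacharacters in user_id
    become part of the filter grammar instead of the value being matched."""
    return f"({attr}={user_id})"


def build_filter_safe(attr: str, user_id: str) -> str:
    """Hardened pattern: the value is escaped, so it can only ever be matched
    literally, whatever characters it contains."""
    return f"({attr}={escape_filter_value(user_id)})"


def lookup_filter(attr: str, user_id: str):
    """Defence in depth: reject values outside the ID alphabet, escape the rest.
    Returns None when the input is rejected."""
    if not is_valid_id(user_id):
        return None
    return build_filter_safe(attr, user_id)


def count_unescaped(filter_str: str, ch: str) -> int:
    """Count occurrences of ch that are not part of a \\XX escape sequence; used
    here to show whether an input changed the number of assertions in a filter."""
    n, i = 0, 0
    while i < len(filter_str):
        if filter_str[i] == "\\":
            i += 3  # skip the backslash and its two hex digits
            continue
        if filter_str[i] == ch:
            n += 1
        i += 1
    return n


# Constructed sample inputs (not from the advisory): a benign ID and one that
# carries filter syntax inside the ID parameter.
BENIGN_ID = "alice"
CRAFTED_ID = "alice)(uid=*"


if __name__ == "__main__":
    for uid in (BENIGN_ID, CRAFTED_ID):
        unsafe = build_filter_unsafe("uid", uid)
        safe = build_filter_safe("uid", uid)
        print(f"input {uid!r}")
        print(f"  unsafe: {unsafe}  assertions={count_unescaped(unsafe, '(')}")
        print(f"  safe:   {safe}  assertions={count_unescaped(safe, '(')}")
        print(f"  allowlist: {'accepted' if lookup_filter('uid', uid) else 'rejected'}")
```

Escaping alone is sufficient to keep the filter's structure fixed (the crafted input yields one assertion instead of two), and the allowlist adds a cheap rejection point that also makes such inputs easy to log and alert on. Running the script prints both forms for each sample input so the difference is visible.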
Recommendations
- Update to version 4.5.10.
- Update to version 5.7.10.
- Update to version 6.4.1.
Affected Products: Pac4J