CVE-2026-41919

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06

Description Improper Neutralization of Special Elements used in an LDAP Query, also known as LDAP Injection, allows for authentication bypass due to improper neutralization of LDAP special elements in DN construction. LDAP Injection occurs when an application fails to properly sanitize user-supplied input before using it in a Lightweight Directory Access Protocol (LDAP) query, potentially allowing an attacker to manipulate the query logic.

Recommendations Upgrade to version 24.09.06.