CVE-2026-40459 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: April 20, 2026
PAC4J - LDAP Injection
Overview
PAC4J contains an LDAP injection flaw: crafted LDAP syntax supplied in ID-based search parameters lets a low-privileged remote attacker perform unauthorized LDAP queries and directory operations. Exploitation requires only low privileges.
Severity & Score
Impact
Low-privileged attackers can perform unauthorized LDAP queries and arbitrary directory operations, potentially compromising directory data integrity and confidentiality.
Mitigation
Update to versions 4.5.10, 5.7.10, or 6.4.1 or later.
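As an added illustration, not taken from PAC4J's code (the advisory does not name the affected methods), the Python below shows the CWE-90 pattern behind this finding beside the fix: a caller-supplied ID concatenated into an LDAP search filter, and the same filter built with RFC 4515 value escaping plus a whitelist on the attribute name, with two checks a defender can run over generated filters. The filter template, the `uid` attribute and the sample input are constructed assumptions.

```python
import re

# Characters with syntactic meaning inside an LDAP search filter value
# (RFC 4515, section 3). Each becomes a backslash plus its two-digit hex
# code, so the directory matches it literally instead of parsing it.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# Attribute names cannot be escaped inside a filter, so they are validated
# against a whitelist pattern instead.
_ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a caller-supplied value for literal matching in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(id_attribute: str, user_id: str) -> str:
    """Vulnerable pattern (CWE-90): the ID goes into the filter unchanged, so an
    ID containing ')' or '*' rewrites the filter's structure (assumed template)."""
    return f"(&({id_attribute}={user_id})(objectClass=person))"


def build_filter_safe(id_attribute: str, user_id: str) -> str:
    """Hardened form: attribute name whitelisted, value escaped per RFC 4515."""
    if not _ATTRIBUTE_NAME.fullmatch(id_attribute):
        raise ValueError(f"rejecting attribute name {id_attribute!r}")
    return f"(&({id_attribute}={escape_filter_value(user_id)})(objectClass=person))"


def count_assertions(filter_text: str) -> int:
    """Number of unescaped '(' in a filter. A fixed template always yields the
    same count; a larger count means the input added filter components."""
    return len(re.findall(r"(?<!\\)\(", filter_text))


def has_unescaped_wildcard(filter_text: str) -> bool:
    """True if a raw '*' survives, which turns an exact ID lookup into a broad match."""
    return re.search(r"(?<!\\)\*", filter_text) is not None


if __name__ == "__main__":
    crafted = "*)(objectClass=*"  # constructed sample of crafted filter syntax
    print(build_filter_unsafe("uid", crafted))  # (&(uid=*)(objectClass=*)(objectClass=person))
    print(build_filter_safe("uid", crafted))    # (&(uid=\2a\29\28objectClass=\2a)(objectClass=person))
```

The two check functions are the kind of invariant to assert in tests around any code that builds filters from request data: a fixed template must always produce the same component count and never a raw wildcard.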
References
Social Media Activity (2 posts)
CVE-2026-40459 - High (8.8) PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. Thi... https://www.thehackerwire.com/vulnerability/CVE-2026-40459/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-40459
- Severity: High
- CVSS Score: 8.8
- Type: ldap_injection
- Status: confirmed
- EPSS: 22.2%
- Social Posts: 2
CWE
- CWE-90 (LDAP Injection)
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H