
Apache CXF LDAP Injection Flaw Exposes Arbitrary Certificates
The Apache Software Foundation has patched a critical security flaw in its widely used Apache CXF web services framework. It warns that attackers could exploit an LDAP injection vulnerability to retrieve arbitrary X.509 certificates from enterprise LDAP-backed repositories, a risk with serious implications for PKI-reliant organizations. Tracked as CVE-2026-44930 and rated “Important” severity, the flaw resides in the LDAP Certificate […]
The post Apache CXF LDAP Injection Flaw Exposes Arbitrary Certificates appeared first on Cyber Security News.