Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates

A newly disclosed vulnerability in Apache CXF, tracked as CVE-2026-44930, is raising concerns among enterprise users relying on its XKMS (XML Key Management Specification) services. The flaw, classified as an important severity issue, affects the LDAP-based certificate repository component and could allow attackers to retrieve arbitrary digital certificates from vulnerable systems. Apache CXF is widely […] The post Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates appeared first on Cyber Security News.