Apache CXF Flaw Exposes Systems to LDAP Injection Attacks
ID: a9f115fd-b756-52e0-aecd-f6325bede75c
STIX ID: report--a9f115fd-b756-52e0-aecd-f6325bede75c
Feed Name: GBHackers
Apache CXF has an LDAP injection vulnerability (CVE-2026-44930) in the cxf-services-xkms-x509-repo-ldap component. It can allow attackers to manipulate LDAP queries and retrieve arbitrary X.509 certificates, potentially compromising certificate-based trust. Multiple CXF versions are affected, and Apache has released patched versions (4.2.1, 4.1.6, 3.6.11).
