Ghostwire

CVE-2026-40459: PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP...

UNKNOWN CVSS 0.0

Published: April 17, 2026 | Last Modified: April 17, 2026

Description

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 and 6.4.1

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

cert.pl/en/posts/2026/04/CVE-2026-40458/
www.pac4j.org/blog/security-advisory-pac4j-core-and-ldap.html
www.tenable.com/cve/CVE-2026-40459
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-40459
nvd.nist.gov/vuln/detail/CVE-2026-40459