CVE-2026-41919 -- CVSS 9.1 Vulnerability Briefing
CVE-2026-41919 | CVSS 9.1 (Critical) | Exploit: No known exploit
What Is It
CVE-2026-41919 is an LDAP injection vulnerability in Apache OFBiz, an open-source enterprise resource planning and business automation platform, affecting all versions prior to 24.09.06.
Technical Detail
The flaw stems from improper neutralization of special characters in LDAP query construction, meaning user-supplied input is passed into LDAP filters without adequate sanitization or escaping. An attacker who can supply crafted input to an affected OFBiz endpoint may be able to alter LDAP query logic, potentially enabling authentication bypass, unauthorized data access, or enumeration of directory contents, depending on how LDAP is integrated within the deployment. The precise attack surface, and whether exploitation requires authentication, have not been fully detailed in public disclosures at this time, but the CVSS score of 9.1 indicates high impact to confidentiality and integrity with low or no required privileges.
Exploitation Status
No known exploit code has been publicly documented or observed in the wild as of May 26, 2026. This vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The exploit maturity is currently assessed as none, though the critical severity rating and the history of Apache OFBiz being a target of opportunistic exploitation make this a priority for patching regardless of current exploitation status.
Who Is Targeting This
No specific threat actor attribution at this time. No confirmed or reported threat actor activity has been associated with this CVE in available intelligence sources.
What To Do
Upgrade Apache OFBiz to version 24.09.06 or later immediately. This is the vendor-recommended remediation and the only confirmed fix. Organizations running OFBiz with LDAP authentication or directory integration should treat this as a priority patch given the critical CVSS score and the class of vulnerability. If immediate patching is not feasible, consider restricting network access to OFBiz administrative and authentication interfaces to trusted IP ranges, and review LDAP integration configurations to identify exposure. Monitor authentication logs and LDAP query logs for anomalous patterns such as unexpected wildcard characters, null bytes, or malformed filter strings that may indicate probing activity.
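The two controls the briefing describes, escaping user input before it reaches an LDAP filter (the mitigation for this vulnerability class) and reviewing authentication logs for filter metacharacters (the interim monitoring step), shown together in Python as an added example. This is not Apache OFBiz code; the attribute names, log format and sample entries are constructed assumptions.

```python
import re

# Added illustration of the mitigation and detection described in the
# briefing; not Apache OFBiz code. Attribute names and log format are
# constructed assumptions.

# RFC 4515 escapes for characters that carry meaning inside a filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Neutralize filter metacharacters in a user-supplied value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str) -> str:
    """Hardened form: the value is escaped before interpolation."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


# Constructed sample authentication log (not real OFBiz output).
SAMPLE_LOG = [
    '2026-05-26T10:01:02Z INFO auth login user="jdoe" result=success',
    '2026-05-26T10:01:09Z INFO auth login user="j*" result=failure',
    '2026-05-26T10:01:15Z INFO auth login user="asmith" result=success',
    '2026-05-26T10:01:21Z INFO auth login user="bob\x00" result=failure',
    '2026-05-26T10:01:30Z INFO auth login user="(x)" result=failure',
]

_USER_RE = re.compile(r'user="([^"]*)"')
# Wildcards, parentheses, backslashes and control bytes have no business
# in a plain username and match the indicators the briefing lists.
_SUSPICIOUS = re.compile(r"[*()\\]|[\x00-\x1f\x7f]")


def flag_suspicious_logins(log_lines):
    """Return (line_number, username) for entries worth analyst review."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _USER_RE.search(line)
        if m and _SUSPICIOUS.search(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


if __name__ == "__main__":
    print(build_user_filter("j*"))
    for n, user in flag_suspicious_logins(SAMPLE_LOG):
        print(f"line {n}: suspicious username {user!r}")
```

The escaper is the general RFC 4515 rule rather than anything specific to this CVE, so it applies to any code path that interpolates user input into a filter; the log heuristic is deliberately coarse and is meant to surface entries for review, not to block them.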