Common Weakness Enumeration

CWE-90

Allowed

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Abstraction: Base · Status: Draft

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

114 vulnerabilities reference this CWE, most recent first.

GHSA-VMXX-HRQ4-4R4J

Vulnerability from github – Published: 2022-05-17 02:45 – Updated: 2022-05-17 02:45
VLAI
Details

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8790"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-05T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter \"filter\" can be used for LDAP Injection.",
  "id": "GHSA-vmxx-hrq4-4r4j",
  "modified": "2022-05-17T02:45:20Z",
  "published": "2022-05-17T02:45:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8790"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W66J-XC7R-M2JV

Vulnerability from github – Published: 2022-12-05 15:30 – Updated: 2022-12-06 18:49
VLAI
Summary
camel-ldap component allows LDAP Injection when using the filter option
Details

The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.14.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.15.0"
            },
            {
              "fixed": "3.18.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-45046"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-05T23:33:29Z",
    "nvd_published_at": "2022-12-05T14:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The camel-ldap component allows LDAP Injection when using the filter option. Users are recommended to either move to the Camel-Spring-Ldap component (which is not affected) or upgrade to 3.14.6 or 3.18.4.",
  "id": "GHSA-w66j-xc7r-m2jv",
  "modified": "2022-12-06T18:49:45Z",
  "published": "2022-12-05T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45046"
    },
    {
      "type": "WEB",
      "url": "https://camel.apache.org/security/CVE-2022-45046.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/camel"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/12/05/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "camel-ldap component allows LDAP Injection when using the filter option"
}

GHSA-W83Q-MCMX-MH42

Vulnerability from github – Published: 2026-03-26 18:30 – Updated: 2026-03-26 18:30
VLAI
Summary
n8n Vulnerable to LDAP Filter Injection in LDAP Node
Details

Impact

A flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node's search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.

Exploitation requires a specific workflow configuration: - The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).

Patches

The issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.

Workarounds

If upgrading is not immediately possible, administrators should consider the following temporary mitigations: - Limit workflow creation and editing permissions to fully trusted users only. - Disable the LDAP node by adding n8n-nodes-base.ldap to the NODES_EXCLUDE environment variable. - Avoid passing unvalidated external user input into LDAP node search parameters via expressions.

These workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.123.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.14.0"
            },
            {
              "fixed": "2.14.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.14.0"
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "n8n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-rc.0"
            },
            {
              "fixed": "2.13.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33751"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T18:30:18Z",
    "nvd_published_at": "2026-03-25T19:16:51Z",
    "severity": "MODERATE"
  },
  "details": "## Impact\nA flaw in the LDAP node\u0027s filter escape logic allowed LDAP metacharacters to pass through unescaped when user-controlled input was interpolated into LDAP search filters. In workflows where external user input is passed via expressions into the LDAP node\u0027s search parameters, an attacker could manipulate the constructed filter to retrieve unintended LDAP records or bypass authentication checks implemented in the workflow.\n\nExploitation requires a specific workflow configuration:\n- The LDAP node must be used with user-controlled input passed via expressions (e.g., from a form or webhook).\n\n## Patches\nThe issue has been fixed in n8n versions 1.123.27, 2.13.3, and 2.14.1. Users should upgrade to one of these versions or later to remediate the vulnerability.\n\n## Workarounds\nIf upgrading is not immediately possible, administrators should consider the following temporary mitigations:\n- Limit workflow creation and editing permissions to fully trusted users only.\n- Disable the LDAP node by adding `n8n-nodes-base.ldap` to the `NODES_EXCLUDE` environment variable.\n- Avoid passing unvalidated external user input into LDAP node search parameters via expressions.\n\nThese workarounds do not fully remediate the risk and should only be used as short-term mitigation measures.",
  "id": "GHSA-w83q-mcmx-mh42",
  "modified": "2026-03-26T18:30:19Z",
  "published": "2026-03-26T18:30:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-w83q-mcmx-mh42"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33751"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/n8n-io/n8n"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "n8n Vulnerable to LDAP Filter Injection in LDAP Node"
}

GHSA-WC4G-X5VW-8V9Q

Vulnerability from github – Published: 2022-05-14 03:44 – Updated: 2022-05-14 03:44
VLAI
Details

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2011-4069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-01T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.",
  "id": "GHSA-wc4g-x5vw-8v9q",
  "modified": "2022-05-14T03:44:10Z",
  "published": "2022-05-14T03:44:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4069"
    },
    {
      "type": "WEB",
      "url": "https://packetfence.org/bugs/changelog_page.php?version_id=35"
    },
    {
      "type": "WEB",
      "url": "https://packetfence.org/bugs/view.php?id=1293"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WG68-35XJ-M3X2

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-12-06 21:30
VLAI
Details

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-4297"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.",
  "id": "GHSA-wg68-35xj-m3x2",
  "modified": "2022-12-06T21:30:43Z",
  "published": "2022-05-24T16:49:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-4297"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160761"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10884826"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WHC5-MVJ9-GJQW

Vulnerability from github – Published: 2026-04-02 09:30 – Updated: 2026-04-16 21:31
VLAI
Details

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-29138"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-02T09:16:22Z",
    "severity": "MODERATE"
  },
  "details": "SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user\u0027s PGP signature as their own.",
  "id": "GHSA-whc5-mvj9-gjqw",
  "modified": "2026-04-16T21:31:09Z",
  "published": "2026-04-02T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29138"
    },
    {
      "type": "WEB",
      "url": "https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-WRGQ-9J5M-MW73

Vulnerability from github – Published: 2022-05-17 00:18 – Updated: 2022-05-17 00:18
VLAI
Details

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-4927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-17T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.",
  "id": "GHSA-wrgq-9j5m-mw73",
  "modified": "2022-05-17T00:18:38Z",
  "published": "2022-05-17T00:18:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-4927"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2017-0017.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101786"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039759"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WXG4-73Q7-87RM

Vulnerability from github – Published: 2023-06-29 06:30 – Updated: 2024-04-04 05:17
VLAI
Details

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-29T05:15:14Z",
    "severity": "HIGH"
  },
  "details": "The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory.",
  "id": "GHSA-wxg4-73q7-87rm",
  "modified": "2024-04-04T05:17:16Z",
  "published": "2023-06-29T06:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3447"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2928150%40ldap-login-for-intranet-sites\u0026new=2928150%40ldap-login-for-intranet-sites\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4HH-7HPG-JMCG

Vulnerability from github – Published: 2024-02-02 03:30 – Updated: 2024-02-02 03:30
VLAI
Details

IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter. IBM X-Force ID: 279145.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-22319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-02T03:15:10Z",
    "severity": "HIGH"
  },
  "details": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote attacker to conduct an LDAP injection. By sending a request with a specially crafted request, an attacker could exploit this vulnerability to inject unsanitized content into the LDAP filter.  IBM X-Force ID:  279145.",
  "id": "GHSA-x4hh-7hpg-jmcg",
  "modified": "2024-02-02T03:30:32Z",
  "published": "2024-02-02T03:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22319"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7112382"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X75F-4M4H-6374

Vulnerability from github – Published: 2023-02-01 18:30 – Updated: 2023-02-09 15:30
VLAI
Details

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4254"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-90"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-01T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters",
  "id": "GHSA-x75f-4m4h-6374",
  "modified": "2023-02-09T15:30:28Z",
  "published": "2023-02-01T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4254"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SSSD/sssd/issues/5135"
    },
    {
      "type": "WEB",
      "url": "https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2022-4254"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149894"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-136: LDAP Injection

An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.