CWE · MITRE source
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2016-9299 | 7.3 | 9.8 | 0.8925 | 2017-01-12 |
| CVE-2017-14596 | 2.1 | 9.8 | 0.0257 | 2017-09-20 |
| CVE-2017-8790 | 2.0 | 9.8 | 0.0049 | 2017-05-05 |
| CVE-2011-4069 | 2.0 | 9.8 | 0.0066 | 2018-02-01 |
| CVE-2021-43350 | 2.0 | 9.8 | 0.0125 | 2021-11-11 |
| CVE-2024-33868 | 2.0 | 9.8 | 0.0037 | 2024-05-14 |
| CVE-2024-54852 | 2.0 | 9.8 | 0.0013 | 2025-01-29 |
| CVE-2026-25560 | 2.0 | 9.8 | 0.0006 | 2026-02-07 |
| CVE-2026-39962 | 1.9 | 9.6 | 0.0011 | 2026-04-09 |
| CVE-2022-4254 | 1.8 | 8.8 | 0.0008 | 2023-02-01 |
| CVE-2025-48208 | 1.8 | 8.8 | 0.0008 | 2025-09-09 |
| CVE-2026-31828 | 1.8 | 8.8 | 0.0014 | 2026-03-10 |
| CVE-2026-33289 | 1.8 | 8.8 | 0.0010 | 2026-03-20 |
| CVE-2026-40459 | 1.8 | 8.8 | 0.0014 | 2026-04-17 |
| CVE-2019-11277 | 1.7 | 8.1 | 0.0088 | 2019-09-23 |
| CVE-2026-34578 | 1.7 | 8.2 | 0.0021 | 2026-04-09 |
| CVE-2015-7294 | 1.6 | 7.5 | 0.0132 | 2017-09-06 |
| CVE-2017-4927 | 1.6 | 7.5 | 0.0142 | 2017-11-17 |
| CVE-2020-5246 | 1.6 | 7.7 | 0.0021 | 2020-07-14 |
| CVE-2021-41232 | 1.6 | 8.1 | 0.0049 | 2021-11-02 |
| CVE-2023-28853 | 1.6 | 7.7 | 0.0115 | 2023-04-04 |
| CVE-2026-40193 | 1.6 | 8.2 | 0.0005 | 2026-04-16 |
| CVE-2023-3447 | 1.5 | 7.6 | 0.0028 | 2023-06-29 |
| CVE-2023-29050 | 1.5 | 7.6 | 0.0011 | 2024-01-08 |
| CVE-2024-56841 | 1.5 | 7.4 | 0.0007 | 2025-01-14 |