Skip to main content

Passgate

1 CVEs product

Monthly

CVE-2026-4256 HIGH This Week

Directory data disclosure in PEAKUP Technology's PassGate (all versions through build 30042026) allows remote unauthenticated attackers to manipulate LDAP queries by injecting special characters into user-controlled input. Reported by TR-CERT (Turkey's national CERT), the flaw carries a CVSS 8.2 driven by high confidentiality impact with no authentication or user interaction required. No public exploit code or CISA KEV listing exists at time of analysis, indicating no confirmed active exploitation.

Code Injection LDAP Passgate
NVD
CVSS 3.1
8.2
EPSS
0.2%
EPSS 0% CVSS 8.2
HIGH This Week

Directory data disclosure in PEAKUP Technology's PassGate (all versions through build 30042026) allows remote unauthenticated attackers to manipulate LDAP queries by injecting special characters into user-controlled input. Reported by TR-CERT (Turkey's national CERT), the flaw carries a CVSS 8.2 driven by high confidentiality impact with no authentication or user interaction required. No public exploit code or CISA KEV listing exists at time of analysis, indicating no confirmed active exploitation.

Code Injection LDAP Passgate
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy