Skip to main content

Spring Ldap

2 CVEs product

Monthly

CVE-2026-41720 HIGH PATCH This Week

Authentication bypass in Spring LDAP's DirContextAuthenticationStrategy allows remote unauthenticated attackers to succeed at LDAP bind operations by supplying any non-empty username paired with an empty or null password, due to the framework failing to reject such anonymous-equivalent bind requests. Affected releases span Spring LDAP 2.4.0-2.4.4, 3.2.0-3.2.17, 3.3.0-3.3.7, and 4.0.0-4.0.3, putting Java applications that delegate authentication to these libraries at risk of impersonating arbitrary users. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Java Spring Ldap
NVD HeroDevs VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2017-8028 Maven HIGH PATCH This Week

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Java Spring Ldap Debian Linux
NVD
CVSS 3.0
8.1
EPSS
1.4%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Authentication bypass in Spring LDAP's DirContextAuthenticationStrategy allows remote unauthenticated attackers to succeed at LDAP bind operations by supplying any non-empty username paired with an empty or null password, due to the framework failing to reject such anonymous-equivalent bind requests. Affected releases span Spring LDAP 2.4.0-2.4.4, 3.2.0-3.2.17, 3.3.0-3.3.7, and 4.0.0-4.0.3, putting Java applications that delegate authentication to these libraries at risk of impersonating arbitrary users. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Java Spring Ldap
NVD HeroDevs VulDB
EPSS 1% CVSS 8.1
HIGH PATCH This Week

In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Java Spring Ldap +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy