A vulnerability labeled as problematic has been found in Apache CXF up to 3.6.10/4.1.5/4.2.0 . This affects an unknown function of the component Certificate Handler . Such manipulation leads to ldap injection. This vulnerability is documented as CVE-2026-44930 . The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.