Pac4j Pac4j
3 CVEs affecting Pac4j Pac4j. Latest disclosed: 2026-04-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40459 | | 2026-04-17 | PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, pot… | |
CVE-2026-40458 | | 2026-04-17 | PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will autom… | |
CVE-2023-25581 | | 2024-10-10 | pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects syst… |