CVE-2026-24130
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used t...
CVE-2026-24130 Moonraker with LDAP Enabled Allows Malicious Search Filter Injection
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used t...
CVE-2026-24130
Moonraker (Python web server for Klipper API) is affected when the ldap component is enabled in versions 0.9.3 and earlier. The issue is LDAP search filter injection via the login endpoint, where 401 responses can reveal whether a search succeeded, enabling brute-force enumeration of LDAP entries...
EUVD-2026-3784
Moonraker affected by LDAP search filter injection
Impact: Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...
LDAP Injection
Overview: moonraker is an API Server for Klipper. Affected versions of this package are vulnerable to LDAP Injection via the ldap component in the login endpoint. An attacker can enumerate user IDs and user attributes by exploiting LDAP search filter injection and analyzing 401 error responses to...
GHSA-3JQF-V4MV-747G Moonraker affected by LDAP search filter injection
Impact: Instances of Moonraker configured with the ldap component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover...
Moonraker security vulnerabilities
Moonraker is a web interface server developed by Eric Callahan. Versions of Moonraker 0.9.3 and earlier contained security vulnerabilities. These vulnerabilities were caused by LDAP search filter injections, which could allow brute-force attack methods to discover LDAP entries on the server...
PT-2026-4310
Name of the Vulnerable Software and Affected Versions: Moonraker versions prior to 0.10.0. Description: Moonraker, a Python web server for Klipper 3D printing firmware, contains a flaw where instances with the "ldap" component enabled are susceptible to LDAP search filter injection via the login...