#ldap

Analysis · May 1, 2026 · Colten Anderson

The same LDAP injection, in two firewalls, in the same month

OPNsense shipped a textbook LDAP filter injection that hid for eleven years. WatchGuard disclosed the same class of flaw weeks later. The pattern is not coincidence.