CVE-2026-1658

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*

History

26 Feb 2026, 02:48

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de Representación Errónea de Información Crítica en la Interfaz de Usuario (IU) en OpenText™ Directory Services permite el Envenenamiento de Caché. La vulnerabilidad podría ser explotada por un actor malicioso para inyectar texto manipulado en la aplicación OpenText, lo que podría engañar a los usuarios. Este problema afecta a Directory Services: desde la 20.4.1 hasta la 25.2.
CPE		cpe:2.3:a:opentext:directory_services::::::::
References	~~() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517 -~~	() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3
First Time		Opentext Opentext directory Services

19 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 23:16

Updated : 2026-02-26 02:48

NVD link : CVE-2026-1658

Mitre link : CVE-2026-1658

CVE.ORG link : CVE-2026-1658

JSON object : View

Products Affected

opentext

directory_services

CWE

CWE-451

User Interface (UI) Misrepresentation of Critical Information

{"id": "CVE-2026-1658", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-19T23:16:15.960", "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-451"}]}], "descriptions": [{"lang": "en", "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText\u2122 Directory Services allows Cache Poisoning.\u00a0\n\nThe vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.\n\nThis issue affects Directory Services: from 20.4.1 through 25.2."}, {"lang": "es", "value": "La vulnerabilidad de Representaci\u00f3n Err\u00f3nea de Informaci\u00f3n Cr\u00edtica en la Interfaz de Usuario (IU) en OpenText\u2122 Directory Services permite el Envenenamiento de Cach\u00e9.\n\nLa vulnerabilidad podr\u00eda ser explotada por un actor malicioso para inyectar texto manipulado en la aplicaci\u00f3n OpenText, lo que podr\u00eda enga\u00f1ar a los usuarios.\n\nEste problema afecta a Directory Services: desde la 20.4.1 hasta la 25.2."}], "lastModified": "2026-02-26T02:48:01.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "856B5AD3-A928-47FD-BD85-EA02CCE18D9F", "versionEndIncluding": "25.2", "versionStartIncluding": "20.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}