CVE-2026-35563

8.5 HIGH

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDA...

Published: 2026-06-01 · Last updated: 2026-06-03

Severity and scoring

CVSS: 8.5 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-297

Affected products

Vendor	Product
apache	directory_ldap_api

Description

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid certificate issued for an entirely unrelated host to be improperly accepted. This oversight leaves the connection highly vulnerable to server impersonation and complete connection compromise. The root cause of this vulnerability lies in the incomplete TLS server identity verification within the LDAP client implementation. The attacker requires MITM capability on the network to exploit this vulnerability. This attacker must be able to present a certificate trusted by the client's configured trust store. The hostname verification has been enforced in the new version of the LDAP API

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-35563
[Vendor advisory]https://lists.apache.org/thread/5rc2nzqxp1m9wknyf93r8dnp46fhc1nn
[Other]http://www.openwall.com/lists/oss-security/2026/06/01/2

Related CVEs

Same vendor

CVE-2026-25700 — Improper Restriction of Security Token Assignment vulnerability in Apache Answer (7.2 HIGH)
CVE-2026-34905 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-34033 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache Answer (5.4 MEDIUM)
CVE-2026-34031 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
CVE-2026-33582 — Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)

Same CWE

CVE-2026-44393 — An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0 (7.4 HIGH)
CVE-2026-42790 — Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints ... (8.1 HIGH)
CVE-2026-44467 — The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side (6.8 MEDIUM)
CVE-2025-25253 — An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and... (7.5 HIGH)
CVE-2024-12925 — Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting (7.3 HIGH)