CVE-2026-1658

MEDIUM EPSS 15.2%

Published Feb 19, 20264mo ago · Modified Feb 26, 20264mo ago

5.3 CVSS 4.0

Medium

Published Feb 19, 2026 4mo ago

Last Modified Feb 26, 2026 4mo ago

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.

CVSS Details

Base Score

5.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction P

Scope N

Threat Intelligence

EPSS Exploit Probability

15.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-451

Affected Products 1

Vendor	Product	Version	Range
opentext	directory_services	*	≥20.4.1 – ≤25.2

References 1

support.opentext.com https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.