CVE-2026-1658— Content spoofing vulnerability discovered in OpenText™ Directory Services
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-1658
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Content spoofing vulnerability discovered in OpenText™ Directory Services
Source: NVD (National Vulnerability Database)
Vulnerability Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键信息的UI错误表达
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenText Directory Services(OTDS) 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenText Directory Services(OTDS)是加拿大OpenText公司的一个信息管理解决方案。将 OpenText 产品和解决方案与公司的企业目录基础设施集成在一起。 OpenText Directory Services(OTDS) 20.4.1版本至25.2版本存在安全漏洞,该漏洞源于用户界面关键信息表述不当,可能导致缓存投毒。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| OpenText™ | Directory Services | 20.4.1 ~ 25.2 | - |
II. Public POCs for CVE-2026-1658
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-1658
请登录查看更多情报信息。
Same Patch Batch · OpenText™ · 2026-02-19 · 6 CVEs total
| CVE-2025-13671 | Cross Site request forgery vulnerability discovered in OpenText WSM Management Server. | |
| CVE-2025-13672 | Reflected Cross-Site Scripting discovered in OpenText WSM Management Server. | |
| CVE-2025-8055 | SSRF vulnerability have been discovered in OpenText™ XM Fax | |
| CVE-2025-8054 | Path Traversal vulnerability have been discovered in OpenText™ XM Fax. | |
| CVE-2025-9208 | Stored-XSS vulnerability discovered in OpenText WSM Management Server. |
IV. Related Vulnerabilities
Same vendor: OpenText™
- CVE-2026-3278
XSS Vulnerability discovered in OpenText™ ZENworks Service D - CVE-2025-12453
Improper neutralization of input during web page generation - CVE-2025-12454
Improper neutralization of input during web page generation - CVE-2025-12455
Username Enumeration Observable Response Discrepancy vulnera - CVE-2026-3266
Improper access control vulnerability has been discovered in
Same weakness: CWE-451
- CVE-2026-35371
uutils coreutils id Misleading Identity Reporting in Pretty - CVE-2026-33118
Microsoft Edge (Chromium-based) Spoofing Vulnerability - CVE-2026-33119
Microsoft Edge (Chromium-based) for Android Spoofing Vulnera - CVE-2026-32971
OpenClaw < 2026.3.11 - Node-Host Approval UI Mismatch Allows - CVE-2026-0385
Microsoft Edge (Chromium-based) for Android Spoofing Vulnera
V. Comments for CVE-2026-1658
No comments yet