Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. 

The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users.

This issue affects Directory Services: from 20.4.1 through 25.2.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User Deception
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a User Interface (UI) Misrepresentation of Critical Information that permits cache poisoning by injecting manipulated text into the OpenText application. The manipulation can mislead users into believing displayed information is accurate, potentially causing them to act on false or malicious data.

Affected Systems

Affected systems are OpenText Directory Services versions 20.4.1 through 25.2, all releases in that range contain the flaw in UI components that render text.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate risk, and the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote delivery of crafted input to the UI, as the description discusses injection of manipulated text; this inference suggests no privileged access is required for exploitation.

Generated by OpenCVE AI on April 17, 2026 at 17:49 UTC.

Remediation

Vendor Solution

https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0858517

OpenCVE Recommended Actions

  • Apply the vendor-released patch for OpenText Directory Services 20.4.1 through 25.2 as documented in the official CNA article.
  • Restrict or block user interactions with the affected UI input controls until the issue is resolved.
  • Implement input validation and cache hygiene to prevent malicious text from influencing the displayed UI, thereby addressing the unintended modification of data identified by CWE‑451.

Generated by OpenCVE AI on April 17, 2026 at 17:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 02 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Feb 2026 03:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:opentext:directory_services:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Opentext
Opentext directory Services
Vendors & Products Opentext
Opentext directory Services

Thu, 19 Feb 2026 23:00:00 +0000

Type Values Removed Values Added
Description User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Directory Services: from 20.4.1 through 25.2.
Title Content spoofing vulnerability discovered in OpenText™ Directory Services
Weaknesses CWE-451
References
Metrics cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear'}

Subscriptions

Opentext Directory Services
cve-icon MITRE

Status: PUBLISHED

Assigner: OpenText

Published:

Updated: 2026-03-02T15:56:48.806Z

Reserved: 2026-01-29T20:02:02.908Z

Link: CVE-2026-1658

cve-icon Vulnrichment

Updated: 2026-03-02T15:56:43.375Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-19T23:16:15.960

Modified: 2026-02-26T02:48:01.790

Link: CVE-2026-1658

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:00:12Z

Weaknesses