Apache · Apache Directory Ldap Api · CVE-2026-35563
**Name of the Vulnerable Software and Affected Versions**
Apache Directory LDAP API version 2.1.7
**Description**
The LDAP client implementation fails to verify that the server certificate matches the intended LDAP hostname. Although the certificate chain is validated against a trusted authority, the lack of endpoint identification means that a valid certificate issued for an unrelated host is accepted. This flaw enables server impersonation and complete compromise of the connection if an attacker with Man-in-the-Middle (MITM) capabilities presents any certificate trusted by the client's trust store.
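The following is an added illustration, not code from the Apache Directory LDAP API project, of the two configurations the description contrasts, written against the standard JSSE API (`javax.net.ssl`). The first method validates only the certificate chain, which is the defect class described above; the second additionally sets the `LDAPS` endpoint identification algorithm so the TLS handshake fails when the certificate's subject alternative name (or common name) does not match the host the client asked for. The class and method names are illustrative assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;

/** Illustrative helper class (hypothetical name), not part of the Apache Directory LDAP API. */
public final class LdapsEndpointIdentification {

    private LdapsEndpointIdentification() {}

    // Weak configuration: the default trust manager validates the chain against the
    // trust store, but no endpoint identification algorithm is set on the socket, so a
    // certificate issued for any other host by a trusted CA is accepted. This mirrors
    // the missing hostname verification described in the advisory.
    static SSLSocket connectWithoutHostnameCheck(String host, int port)
            throws IOException, NoSuchAlgorithmException {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        socket.startHandshake(); // succeeds for any chain the trust store accepts
        return socket;
    }

    // Hardened configuration: enable LDAPS endpoint identification before the handshake.
    // JSSE then compares the presented certificate's SAN/CN with `host` and throws an
    // SSLHandshakeException on a mismatch, which is the check that defeats an
    // attacker presenting a trusted certificate for an unrelated name.
    static SSLSocket connectWithHostnameCheck(String host, int port)
            throws IOException, NoSuchAlgorithmException {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("LDAPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // fails unless the certificate matches `host`
        return socket;
    }

    // The same setting for NIO clients that drive an SSLEngine instead of an SSLSocket.
    // The host and port passed to createSSLEngine are what the identification check
    // compares the certificate against, so they must be the intended LDAP hostname.
    static SSLEngine clientEngineWithHostnameCheck(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("LDAPS");
        engine.setSSLParameters(params);
        return engine;
    }
}
```

When auditing an LDAP client for this defect, the question to ask is whether `setEndpointIdentificationAlgorithm` (or an equivalent hostname verifier) is applied to every `SSLSocket` or `SSLEngine` the client creates, including those created after a StartTLS upgrade; a client that relies only on the trust manager accepting the chain has exactly the gap this advisory describes.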
**Recommendations**
Update to a version of the LDAP API in which hostname verification is enforced.