PT-2026-45280 · Apache · Apache Directory Ldap Api

Łukasz Kollbek +1 · Published 2026-06-01 · Updated 2026-06-02 · CVE-2026-35563

CVSS v4.0: 8.8 (High)
Vector: AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:L/SA:L
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API version 2.1.7

Description: The LDAP client implementation fails to verify that the server certificate matches the intended LDAP hostname. Although the certificate chain is validated against a trusted authority, the lack of endpoint identification means that a valid certificate issued for an unrelated host is accepted. This flaw enables server impersonation and complete compromise of the connection if an attacker with Man-in-the-Middle (MITM) capabilities presents a certificate trusted by the client's trust store.

Recommendations: Update to the new version of the LDAP API where hostname verification is enforced.
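
To illustrate what endpoint identification adds on top of chain validation, here is an added Python example (not code from the Apache Directory LDAP API project): it matches the intended LDAP hostname against a certificate's subjectAltName entries in the shape Python's ssl.SSLSocket.getpeercert() returns. The certificates, host names and function names are constructed for the illustration.

```python
"""Endpoint identification, added illustration (not the project's code): a certificate
that chains to a trusted CA is still rejected when none of its subjectAltName entries
matches the LDAP host the client intended to reach. The certificate dicts below are
constructed in the shape returned by ssl.SSLSocket.getpeercert()."""
import ipaddress


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName match: case-insensitive, wildcard allowed only as the
    whole left-most label, never matching across a dot, and not for '*.tld'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*" or len(p_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]


def verify_endpoint(cert: dict, expected_host: str) -> bool:
    """Return True only if the intended host appears in the certificate's SAN.
    IP literals must match an 'IP Address' entry, DNS names a 'DNS' entry; the
    subject CN is deliberately ignored, as RFC 6125 recommends."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(expected_host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    return any(k == "DNS" and _dns_name_matches(v, expected_host) for k, v in san)


# Constructed sample certificates (only the fields the check needs).
CERT_FOR_LDAP = {"subject": ((("commonName", "ldap.corp.example"),),),
                 "subjectAltName": (("DNS", "ldap.corp.example"), ("DNS", "*.corp.example"))}
CERT_UNRELATED = {"subject": ((("commonName", "www.other.example"),),),
                  "subjectAltName": (("DNS", "www.other.example"), ("IP Address", "203.0.113.7"))}


def demo() -> dict:
    """Both certificates would pass chain validation; only the one issued for the
    intended host passes endpoint identification."""
    host = "ldap.corp.example"
    return {"legit": verify_endpoint(CERT_FOR_LDAP, host),
            "unrelated": verify_endpoint(CERT_UNRELATED, host)}
```

A client that skips this step behaves as the advisory describes: the CERT_UNRELATED case is accepted as long as its chain is trusted.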

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-35563

Affected Products

Apache Directory Ldap Api