By weakness (CWE)
CWE-297: related vulnerabilities
CVEs classified under CWE-297. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-35563HIGH 8.5
A flaw in Apache Directory LDAP API version 2.1.7 allows an attacker with network interception capability to impersonate an LDAP server. The library validates that a certificate is signed by a trusted authority but fails to confirm that the certificate was actually issued for the LDAP server being connected to. An attacker positioned between a client and server can present any valid certificate from their trust store, hijacking the connection and accessing sensitive authentication and directory data.
- CVE-2026-44393HIGH 7.4
OpenStack's oslo.messaging library contains a critical flaw in how it validates TLS certificates when connecting to RabbitMQ brokers. The driver accepts any certificate signed by your organization's CA without checking that it actually belongs to the RabbitMQ server you're trying to reach. This means an attacker positioned on your network could intercept traffic, present a valid (but wrong) certificate, and trick OpenStack services into sending sensitive control-plane messages to the attacker instead of RabbitMQ. The vulnerability affects all versions from 1.0.0 through 17.3.0.