- CVE: CVE-2026-46495
- CVSS: 9.2 (Critical · CVSSv4)
- Product: org.openidentityplatform.opendj:opendj-server-legacy (maven)
- Affected: <= 5.1.0
- Impact: OpenDJ Pre-Auth RCE via Java Deserialization in JMX RMI
- Status: No confirmed exploitation yet
- Patched in: 5.1.1
- Action: Update to 5.1.1 now
OpenDJ directory services carry a critical security flaw. The vulnerability, tracked as CVE-2026-46495 and rated 9.2 (Critical) under CVSSv4, lets unauthenticated attackers execute arbitrary code remotely.
Why This Threat Matters
OpenDJ is an LDAPv3-compliant directory service that provides a highly available store for organizational identities. It runs on the Java platform, which keeps enterprise deployments fast and simple, and its databases can be stored in SQL or NoSQL clusters.
A successful attack exposes these identity databases completely. Many administrators enable the JMX Connection Handler for system monitoring, which brings the vulnerable listener online and expands the attack surface significantly. Every server left unpatched with that handler enabled faces this threat.
How the Attack Works
The issue is a Java deserialization vulnerability, classified as CWE-502 (Deserialization of Untrusted Data). The OpenDJ JMX RMI connector deserializes incoming bytes before any user authentication takes place, so an attacker can send a malicious serialized payload straight to it.
The server deserializes these attacker-controlled bytes, which triggers execution of arbitrary commands. Attackers need only TCP network access to the listener port; no client certificate or prior credentials are required.
Affected Versions and Mitigation
This flaw affects OpenDJ Community Edition versions up to and including 5.1.0. Security researchers demonstrated the attack on OpenDJ version 4.4.15. A public proof-of-concept exploit exists; however, no active exploitation in the wild has been confirmed yet.
Administrators should act quickly to secure their environments: apply the official fix by updating to OpenDJ Community Edition 5.1.1, which can be downloaded directly from the vendor, and keep identity stores on the patched release.
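Triage helper, added here as an example and not part of the advisory or the OpenDJ project: given the installed version string and the contents of OpenDJ's config/config.ldif, it reports whether the build is in the affected range (older than the 5.1.1 fix) and whether the JMX Connection Handler is enabled, i.e. whether the pre-auth RMI listener described above is actually up. The handler DN and the ds-cfg-enabled / ds-cfg-listen-port attribute names follow OpenDJ's config.ldif conventions but are assumptions here, and the embedded LDIF is constructed sample data, not a real server's configuration. The script only reads a config file; it never touches the network.

```python
"""Triage helper for CVE-2026-46495: is this OpenDJ instance exposed?

Two checks a defender cares about: is the installed version in the affected
range (<= 5.1.0), and is the JMX Connection Handler enabled in config.ldif
(the pre-auth RMI listener is only reachable when it is).
"""
import base64
import re
from typing import Dict, List, Optional

FIXED_VERSION = (5, 1, 1)  # first fixed release per the advisory
# Assumed DN of the handler entry, following OpenDJ's config.ldif layout.
JMX_HANDLER_DN = "cn=JMX Connection Handler,cn=Connection Handlers,cn=config"


def parse_version(version: str) -> tuple:
    """Turn '5.1.0' or '4.4.15-SNAPSHOT' into a comparable tuple of ints."""
    parts = re.findall(r"\d+", version.split("-")[0])
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad so '5.1' compares as 5.1.0


def is_affected(version: str) -> bool:
    """Affected if strictly older than the first fixed release."""
    return parse_version(version) < FIXED_VERSION


def _unfold(text: str) -> List[str]:
    """LDIF continuation lines start with a single space; join them back."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF reader: one attribute dict per entry, names lowercased,
    base64 ('attr:: ...') values decoded, comments skipped."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in _unfold(text) + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not an 'attr: value' line
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def jmx_handler_status(entries: List[Dict[str, List[str]]]) -> Dict[str, object]:
    """Locate the JMX Connection Handler entry and report whether it listens."""
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        if dn.lower() == JMX_HANDLER_DN.lower():
            enabled = entry.get("ds-cfg-enabled", ["false"])[0].lower() == "true"
            port: Optional[int] = int(entry.get("ds-cfg-listen-port", ["1689"])[0])
            return {"present": True, "enabled": enabled, "port": port}
    return {"present": False, "enabled": False, "port": None}


def assess(version: str, config_ldif: str) -> Dict[str, object]:
    """Combine version and handler state into a single exposure verdict."""
    jmx = jmx_handler_status(parse_ldif(config_ldif))
    affected = is_affected(version)
    if not affected:
        verdict = "patched"
    elif jmx["enabled"]:
        verdict = "exposed"  # vulnerable build and the pre-auth listener is up
    else:
        verdict = "vulnerable-but-not-listening"
    return {"version": version, "affected": affected, "jmx": jmx, "verdict": verdict}


# Constructed sample in the shape OpenDJ writes to config/config.ldif
# (attribute names follow the ds-cfg-* schema; values are made up for the demo).
SAMPLE_CONFIG_LDIF = """\
dn: cn=Connection Handlers,cn=config
objectClass: top
objectClass: ds-cfg-branch
cn: Connection Handlers

dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config
objectClass: top
objectClass: ds-cfg-connection-handler
objectClass: ds-cfg-jmx-connection-handler
cn: JMX Connection Handler
ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler
ds-cfg-enabled: true
ds-cfg-listen-port: 1689

dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
objectClass: top
objectClass: ds-cfg-connection-handler
objectClass: ds-cfg-ldap-connection-handler
cn: LDAP Connection Handler
ds-cfg-enabled: true
ds-cfg-listen-port: 1389
"""

if __name__ == "__main__":
    for v in ("4.4.15", "5.1.0", "5.1.1"):
        print(v, assess(v, SAMPLE_CONFIG_LDIF)["verdict"])
```

Point SAMPLE_CONFIG_LDIF at a copy of the real config.ldif and pass the version reported by the installed build. A verdict of "exposed" means update to 5.1.1 first and keep the listener port off untrusted networks until that is done; "vulnerable-but-not-listening" still calls for the update, because the handler can be re-enabled at any time.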