Product
An improper authorization vulnerability (CVE-2026-45052) in OpenAM Community Edition through version 16.0.6 allows an unauthenticated attacker to write persistent entries into the Liberty Discovery store on any user's LDAP entry and a shared root-realm Discovery branch, due to a flaw in the Liberty Web Services SOAP receiver that permits anonymous writes with elevated internal privileges, potentially influencing service routing or security mechanisms if Liberty discovery data is consumed.