[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

CVE-2026-5052

A flaw was found in Vault’s PKI engine. The ACME Automated Certificate Management Environment validation process did not properly restrict requests to local network targets when handling http-01 and tls-alpn-01 challenges. This vulnerability, known as Server-Side Request Forgery SSRF, could allow...

GO-2026-4901 nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui

nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui...

GO-2026-4322 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik...

SUSE CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the...

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

CVE-2025-44005

A flaw was found in the Automated Certificate Management Environment ACME and Simple Certificate Enrollment Protocol SCEP provisioner features of Step CA github.com/smallstep/certificates. This vulnerability allows an authorization bypass vulnerability in Step CA’s ACME and SCEP provisioners wher...

EUVD-2025-35626

OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...

WordPress Free Encryption Through Let's Encrypt Project

All custom domains hosted on WordPress.com will soon have their sites automatically encrypted for free. WordPress said late Friday afternoon that more than one million sites will have encryption automatically deployed. “We are closing the door to unencrypted web traffic at every opportunity,” wro...