EUVD-2026-18003

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

DEBIAN-CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

UBUNTU-CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

PT-2026-29587

Name of the Vulnerable Software and Affected Versions Mbed TLS versions through 3.6.5 and 4.0.0 Description A flaw exists in the distinguished name parsing functionality, leading to a NULL pointer dereference. This can allow an attacker to write to address 0. Recommendations Update to a version...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

CVE-2026-34874

Mbed TLS versions affected: up to 3.6.5 and 4.x up to 4.0.0. The issue is a NULL pointer dereference in distinguished name parsing that can allow writing to address 0. This is a concrete vulnerability detail (affected component and root cause) and is described in both the CVE records and CVE List...

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

openSUSE 16 Security Update : python-ldap (openSUSE-SU-2026:20421-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20421-1 advisory. - CVE-2025-61911: Enforce str for escapefilterchars bsc1251912. - CVE-2025-61912: Escape NULs as per RFC 4514 in escapednchars bsc1251913. Tenab...

BIT-NATS-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

GO-2026-4828 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server

NATS has mTLS verifyandmap authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server...

SUSE CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

DEBIAN-CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

GHSA-3F24-PCVM-5JQC NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...