EUVD-2026-23344

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

SUSE CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ACME TLS certificates' automatic generation. An attacker can exhaust system resources by opening multiple connections, sending minimal ClientHello messages with acme-tls/1, an...

EUVD-2026-2949

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...

mod_md: Apache HTTP Server: mod_md (ACME), unintended retry intervals

An integer overflow flaw has been discovered in the Apache HTTP server. The integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated...

SUSE CVE-2025-44005

An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks...

GO-2025-4180 Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates

Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates...

CVE-2025-55753

An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures 30 days in default configurations, to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeeds. This issue affects Apache HTTP Server: fro...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation Upgrade...

[SECURITY] Fedora 40 Update: dogtag-pki-11.5.0-3.fc40

Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Dogtag PKI consists of the following components: Certificate Authority CA Key Recovery Authority KRA Online Certificate Status Protocol OCSP Manager Token Key Service TKS Token...