CVE-2026-7532

The CVE-2026-7532 entry concerns WolfSSL: when WOLFSSL_IP_ALT_NAME is not defined, iPAddress name constraints are not enforced, allowing a certificate to bypass an issuing CA’s IP address constraints. Affected component: IP address name constraint handling in WolfSSL. Root cause: configuration wh...

CVE-2026-24122

Cosign

CVE-2026-24122 Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

App Layering 2011 : After ELM Upgrade to 2011 from 2005, adding layer version gives "The issuing certificate does not have a usable private key."

--after upgrading ELM from 2005 to 2011 -- getting an error when we try to add a version to a layer "The issuing certificate does not have a usable private key." -- have offload compositing enabled on vCentre connectors...

XenMobile: How to migrate the Cert Based Auth from existing CA to a new PKI-Infrastructure (With a new Root CA and Issuing CA)?

Existing working two-factor-authentication for XenMobile using cert based auth as the second factor are XenMobile-certificates that are issued by a Windows Enterprise Root CA. This Root CA will be decommissioned and replaced by a new Windows Enterprise Issuing CA that is signed by a new Root CA...