226 matches found
CVE-2026-42789
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
CVE-2026-42789
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...
EEF-CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Summary Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7...
CVE-2026-42789
The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...
PT-2026-43712
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public key pubkey cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public key/src/pubkey cert.erl, pubkey cert:validate extensions/7 contain...
curl: curl GnuTLS backend accepts a clientAuth-only certificate for HTTPS server authentication
Summary: When curl/libcurl is built with the GnuTLS backend, the current HTTPS server-certificate validation path verifies the trust chain and hostname but does not enforce TLS server Extended Key Usage semantics. As a result, a leaf certificate that chains to a trusted CA, matches the requested...
OSEC-2026-06 TLS-client (with TLS 1.3) does insufficient certificate checks (missing KeyUsage and ExtendedKeyUsage validation)
The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...
OSEC-2026-07 TLS-server does insufficient client certificate checks (missing KeyUsage and ExtendedKeyUsage validation)
The TLS server implementation does not validate the KeyUsage and ExtendedKeyUsage extensions of client certificates when mutually authenticated TLS is requested. This can lead to impersonation with a certificate issued to a server. Scenario An operations engineer enables mTLS on the admin endpoin...
PT-2026-42202
The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...
PT-2026-42203
The TLS server implementation does not validate the KeyUsage and ExtendedKeyUsage extensions of client certificates when mutually authenticated TLS is requested. This can lead to impersonation with a certificate issued to a server. Scenario An operations engineer enables mTLS on the admin endpoin...
curl: Schannel custom-CA path skips Extended Key Usage enforcement
Hi all, We believe the Schannel custom-CA verification path in lib/vtls/schannelverify.c may skip Extended Key Usage enforcement. In particular, a certificate that chains to the trusted custom CA but contains only id-kp-clientAuth, rather than id-kp-serverAuth, may pass peer verification on Windo...
DEBIAN-CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
UBUNTU-CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367 aria2c Improper Certificate Validation
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
CVE-2026-8367
aria2c is affected by an improper certificate validation issue where it accepts a server certificate with an incorrect Extended Key Usage (EKU). If an attacker obtains a certificate (with its private key) intended for a different purpose, they may reuse it to perform TLS server authentication aga...
CVE-2026-8367
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...
PT-2026-40700
aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...