CVE-2026-45388

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

CVE-2026-45388

CVE-2026-45388 affects OCaml-TLS before 2.1.0. The TLS 1.3 client path in handshake_client13.ml did not wire into validate_keyusage, allowing a certificate issued for non-server purposes (e.g., clientAuth, codeSigning, emailProtection) to impersonate a TLS server if the EKU/KeyUsage restrictions ...

CVE-2026-45389

Summary (OCaml-TLS CVE-2026-45389): OCaml-TLS versions before 2.1.0 fail to properly validate KeyUsage and ExtendedKeyUsage on client certificates during mutual TLS, allowing impersonation with certificates intended for server authentication. The issue arises in the server-side certificate valida...

Linux Distros Unpatched Vulnerability : CVE-2026-42789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an...

SUSE CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

DEBIAN-CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

UBUNTU-CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

CVE-2026-33896

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

Improper Certificate Validation

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain...

PT-2026-28559

Name of the Vulnerable Software and Affected Versions Forge versions prior to 1.4.0 Description Forge, a native implementation of Transport Layer Security in JavaScript, has an issue where the pki.verifyCertificateChain function does not properly enforce RFC 5280 basicConstraints requirements...

Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Certificate doesn't support 'digitalSignature' KeyUsage

Challenge Attempting to deploy the Veeam Plug-in for VMware vSphere Client through Veeam Backup Enterprise Manager fails with the error: Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Certificate doesn't support 'digitalSignature' KeyUsage...

krb5 security update

1.8.2-3.4 - add upstream patches to fix standalone kpropd exiting if the per-client child process exits with an error, and hang or crash in the KDC when using the LDAP kdb backend CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, 671101 1.8.2-3.3 - pull up crypto changes made between 1.8.2 and 1.8.3 t...