34 matches found
Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...
CVE-2026-8932
CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...
CVE-2026-8932 incomplete mTLS config matching in conn reuse
libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...
CVE-2026-8932
libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...
EUVD-2026-40374
Nightingale n9e before 9.0.0-beta.2 exposes full datasource configurations, including plaintext database passwords, HTTP bearer tokens, HTTP basic-auth passwords, and mTLS client keys, to any authenticated low-privilege Standard role user through POST /api/n9e/datasource/list. The route is...
CVE-2026-48491
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...
GHSA-GFJ5-979R-92PW @acastellon/auth: Authentication bypass via spoofable headers in validateToken()
@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...
CVE-2026-42789
A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...
curl: CVE-2026-8932: incomplete mTLS config matching in conn reuse
Hi all, This report and my multiple subsequent ones may come as a surprise, as I was assured that curl now had zero vulnerabilities in it. Nonetheless, I think the CVE-2022-27782 fix "TLS and SSH connection too eager reuse", commit f18af4f874 2022-05-09, "tls: check more TLS details for connectio...
CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...
Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles
Summary The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...
BIT-ETCD-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the mTLS or WireGuard transports. An attacker can cause the process to consume excessive memory and potentially crash by sending specially crafted authenticated requests that...
GO-2026-4723 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver
Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports in github.com/bishopfox/sliver...
GO-2026-4828 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server
NATS has mTLS verifyandmap authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server...
CVE-2026-33248
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...
CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...
GHSA-3F24-PCVM-5JQC NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. One authentication model supported is mTLS, deriving the NATS client identity from properties of the TLS Client Certificate. Problem...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions of Traefik such as 2.11.40, 3.0.0-beta1 to 3.6.11, and 3.7.0-ea.1 contain security vulnerabilities. These vulnerabilities stem from issues with the TLS SNI pre-sniffing logic, which may allow for...
PT-2026-1769
Name of the Vulnerable Software and Affected Versions wolfssl-py versions up to and including 5.8.2 Description A flaw exists in the handling of verify mode = CERT REQUIRED within the wolfssl Python package wolfssl-py. The absence of the WOLFSSL VERIFY FAIL IF NO PEER CERT flag causes the softwar...