Non-CA certificate accepted as intermediate issuer in public_key path validation

...

SUSE CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

CVE-2026-42789

The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...

EUVD-2026-32272

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer

https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...

SUSE CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

GHSA-6C5R-4WFC-3MCX Hashicorp Vault has Incorrect Validation for Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCredentials. An attacker can impersonate a trusted client by crafting a malicious certificate when a non-CA certificate is used as a trusted certificate. Remediation Upgrade...

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

GHSA-4C49-9FPC-HC3V lxd CA certificate sign check bypass

Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, th...

GO-2024-2617 Authentication bypass in github.com/hashicorp/vault

The TLS certificate authentication method incorrectly validates client certificates when configured with a non-CA certificate as a trusted certificate. When configured this way, attackers may be able to craft a certificate that can be used to bypass authentication...

BIT-NODE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

SUSE CVE-2021-3450

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

Design/Logic Flaw

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVE-2018-1000664

daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...

Design/Logic Flaw

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVE-2011-0228

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVE-2011-0228

Affected software: Apple iOS prior to 4.2.10 and 4.3.x prior to 4.3.5. Vulnerability: The Data Security component does not check the basicConstraints parameter when validating X.509 certificate chains, allowing a non-CA certificate to sign a certificate for any domain. This enables a man-in-the-m...

EUVD-2011-0254

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...