CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CVE-2026-42769

CVE-2026-42769 describes a vulnerability in CMP rootCaKeyUpdate processing where a typo in certificate chain building caused the newWithOld certificate to be incorrectly added to the chain, bypassing full verification. This allows an attacker with valid CMP protections to craft a self-signed cert...

PT-2026-47839

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

CLSA-2026-1771112524 Update of alt-php

Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...

Update of nss

update to CKBI 2.74 from NSS 3.110 - updated certificates: - Certificate "certSIGN ROOT CA" - Certificate "ACCVRAIZ1" - Certificate "Entrust Root Certification Authority - G4" - Certificate "Security Communication ECC RootCA1" - Certificate "BJCA Global Root CA1" - Certificate "BJCA Global Root...

CLSA-2024-1730917116 Update of ca-certificates

update to CKBI 2.70 from NSS 3.106 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Baltimore CyberTrust...

CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

SSL Root Certification Authority Distrusted

The remote service uses an SSL certificate chain that contains a root Certification Authority certificate at the top of the chain that is issued from a distrusted Certification Authority. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid124410; scriptversion"1.1";...

SSL Root Certification Authority Certificate Information

The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain. C Tenable Network Security, Inc. if NASLLEVEL 3208 exit0; include"compat.inc"; if description scriptid94761; scriptversion"1.2"; scriptcvsdate"Date:...

ca-certificates-mozilla: add, remove or blacklist some certificates (important)

The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...