Step-ca@0.30.0 Security Vulnerabilities and Issues — Step-ca@0.30.0 CVE List

SmallstepStep-ca0.30.0

2 matches found

CVE•added 2026/04/10 4:34 p.m.•4 views

CVE-2026-40097

CVE-2026-40097 affects Step CA (online CA for secure, automated certificate management). From version 0.24.0 up to before 0.30.0-rc3, an attacker can trigger an index-out-of-bounds panic during TPM device attestation by sending a crafted attestation key certificate with an empty EKU extension. Sp...

3.7CVSS5.9AI score0.00052EPSS

CVE•added 2026/03/19 8:37 p.m.•2 views

CVE-2026-30836

CVE-2026-30836 affects step-ca (github.com/smallstep/certificates). The issue allows unauthenticated certificate issuance via SCEP UpdateReq (MessageType=18) due to inadequate protection in UpdateReq handling. Affected versions are 0.30.0-rc6 and below; the vulnerability is fixed in version 0.30....

10CVSS5.7AI score0.00011EPSS