CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-W4VM-8M9W-5QWM
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-07-28 00:00An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.
{
"affected": [],
"aliases": [
"CVE-2020-16197"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain certificate metadata by associating a certificate with certain resources that should fail scope validation.",
"id": "GHSA-w4vm-8m9w-5qwm",
"modified": "2022-07-28T00:00:47Z",
"published": "2022-05-24T17:26:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16197"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6529"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6530"
},
{
"type": "WEB",
"url": "https://github.com/OctopusDeploy/Issues/issues/6531"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W589-R335-4F55
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2024-10-26 22:49In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2015.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2016.3.0"
},
{
"fixed": "2016.11.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2016.11.7"
},
{
"fixed": "2016.11.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2017.5.0"
},
{
"fixed": "2017.7.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2018.2.0"
},
{
"last_affected": "2018.3.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "2019.2.0"
},
{
"fixed": "2019.2.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3000"
},
{
"fixed": "3000.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3001"
},
{
"fixed": "3001.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "salt"
},
"ranges": [
{
"events": [
{
"introduced": "3002"
},
{
"fixed": "3002.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-28972"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-22T21:17:21Z",
"nvd_published_at": "2021-02-27T05:15:00Z",
"severity": "HIGH"
},
"details": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the `vmware.py` files) does not always validate the SSL/TLS certificate.",
"id": "GHSA-w589-r335-4f55",
"modified": "2024-10-26T22:49:11Z",
"published": "2022-05-24T17:43:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28972"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5011"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-22"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202103-01"
},
{
"type": "WEB",
"url": "https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YOGNT2XWPOYV7YT75DN7PS4GIYWFKOK5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUGLOJ6NXLCIFRD2JTXBYQEMAEF2B6XH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7GRVZ5WAEI3XFN2BDTL6DDXFS5HYSDVB"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3002.3.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3001.5.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/doc/topics/releases/3000.7.rst#L14"
},
{
"type": "WEB",
"url": "https://github.com/saltstack/salt/blob/8f9405cf8e6f7d7776d5000841c886dec6d96250/CHANGELOG.md?plain=1#L2358"
},
{
"type": "PACKAGE",
"url": "https://github.com/saltstack/salt"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/salt/PYSEC-2021-74.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SaltStack Salt Improper Certificate Validation"
}
GHSA-W5FC-H82J-VQ6W
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2018-8019"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-31T13:29:00Z",
"severity": "HIGH"
},
"details": "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",
"id": "GHSA-w5fc-h82j-vq6w",
"modified": "2022-05-13T01:28:42Z",
"published": "2022-05-13T01:28:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8019"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2469"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2470"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104936"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5FP-2J8V-X63M
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2022-05-24 17:39Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
{
"affected": [],
"aliases": [
"CVE-2021-1276"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T20:15:00Z",
"severity": "MODERATE"
},
"details": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests.\n These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device.\n For more information about these vulnerabilities, see the Details section of this advisory.\n ",
"id": "GHSA-w5fp-2j8v-x63m",
"modified": "2022-05-24T17:39:39Z",
"published": "2022-05-24T17:39:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1276"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-cert-check-BdZZV9T3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-W5J8-5P9W-GVX5
Vulnerability from github – Published: 2026-01-22 18:30 – Updated: 2026-01-22 18:30The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.
First identified on Nissan Leaf ZE1 manufactured in 2020.
{
"affected": [],
"aliases": [
"CVE-2025-32057"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-22T16:16:06Z",
"severity": "MODERATE"
},
"details": "The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 \u2013 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root certificate is not verified. As a result, an attacker may be able to impersonate a Redbend backend server using a self-signed certificate.\n\n\n\nFirst identified on Nissan Leaf ZE1 manufactured in 2020.",
"id": "GHSA-w5j8-5p9w-gvx5",
"modified": "2026-01-22T18:30:31Z",
"published": "2026-01-22T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32057"
},
{
"type": "WEB",
"url": "https://pcacybersecurity.com/resources/advisory/vulnerabilities-in-nissan-infotainment-manufactured-by-bosch"
},
{
"type": "WEB",
"url": "https://www.nissan.co.uk/vehicles/new-vehicles/leaf.html"
},
{
"type": "WEB",
"url": "http://i.blackhat.com/Asia-25/Asia-25-Evdokimov-Remote-Exploitation-of-Nissan-Leaf.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W5Q8-36W3-W88M
Vulnerability from github – Published: 2023-05-12 15:30 – Updated: 2024-04-04 04:03An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
{
"affected": [],
"aliases": [
"CVE-2023-27823"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-12T14:15:09Z",
"severity": "CRITICAL"
},
"details": "An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.",
"id": "GHSA-w5q8-36w3-w88m",
"modified": "2024-04-04T04:03:54Z",
"published": "2023-05-12T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27823"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/172276/Optoma-1080PSTX-Firmware-C02-Authentication-Bypass.html"
},
{
"type": "WEB",
"url": "http://optoma.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6MM-86QP-2R3Q
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-08-05 15:30Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
{
"affected": [],
"aliases": [
"CVE-2024-6472"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T13:15:47Z",
"severity": "HIGH"
},
"details": "Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.",
"id": "GHSA-w6mm-86qp-2r3q",
"modified": "2024-08-05T15:30:51Z",
"published": "2024-08-05T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472"
},
{
"type": "WEB",
"url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2024-6472"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6Q2-48CH-FJ26
Vulnerability from github – Published: 2023-04-10 15:30 – Updated: 2025-02-11 18:49Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "bigflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-25392"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-10T21:04:11Z",
"nvd_published_at": "2023-04-10T14:15:00Z",
"severity": "MODERATE"
},
"details": "Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.",
"id": "GHSA-w6q2-48ch-fj26",
"modified": "2025-02-11T18:49:52Z",
"published": "2023-04-10T15:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25392"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/pull/357"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/commit/4ce197ff99bd38693dea59ab5e9b781fbcef4276"
},
{
"type": "WEB",
"url": "https://github.com/allegro/bigflow/commit/7e956661f76907594e8c82e8fb0af76dbea2a0fc"
},
{
"type": "PACKAGE",
"url": "https://github.com/allegro/bigflow"
},
{
"type": "WEB",
"url": "https://lutrasecurity.com/en/articles/cve-2023-25392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation"
}
GHSA-W6XV-MF6F-R5F6
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2024-10-22 17:23The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "scalyr-agent-2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-24714"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-29T11:00:05Z",
"nvd_published_at": "2020-08-27T22:15:00Z",
"severity": "CRITICAL"
},
"details": "The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option.",
"id": "GHSA-w6xv-mf6f-r5f6",
"modified": "2024-10-22T17:23:30Z",
"published": "2022-05-24T17:26:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24714"
},
{
"type": "WEB",
"url": "https://github.com/scalyr/scalyr-agent-2/commit/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/scalyr-agent-2/PYSEC-2020-251.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/scalyr/scalyr-agent-2"
},
{
"type": "WEB",
"url": "https://github.com/scalyr/scalyr-agent-2/blob/96d5f5bec734c7a0e7c64654cdb7aacc81fdc867/CHANGELOG.md"
},
{
"type": "WEB",
"url": "https://scalyr-static.s3.amazonaws.com/technical-details/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Scalyr Agent Missing SSL Certificate Validation"
}
GHSA-W7PJ-7H9P-G4JC
Vulnerability from github – Published: 2026-03-11 21:31 – Updated: 2026-03-11 21:31Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
{
"affected": [],
"aliases": [
"CVE-2026-24508"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-11T20:16:14Z",
"severity": "LOW"
},
"details": "Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.",
"id": "GHSA-w7pj-7h9p-g4jc",
"modified": "2026-03-11T21:31:03Z",
"published": "2026-03-11T21:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24508"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000427573/dsa-2026-093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.