Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-55436

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 Jul, 2026 | 00:26
Updated At-08 Jul, 2026 | 13:11
Rejected At-
Credits

Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL accepted any TLS certificate. Practical exploitation requires an on-path (man-in-the-middle) position between the AI Bridge Proxy and the Coder server. Deployments where they are co-located over loopback are effectively unaffected. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally. As a workaround, ensure the Coder access URL uses a trusted certificate and secure the network path between the AI Bridge Proxy and the Coder server (for example, loopback or mTLS).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 Jul, 2026 | 00:26
Updated At:08 Jul, 2026 | 13:11
Rejected At:
â–¼CVE Numbering Authority (CNA)
Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL accepted any TLS certificate. Practical exploitation requires an on-path (man-in-the-middle) position between the AI Bridge Proxy and the Coder server. Deployments where they are co-located over loopback are effectively unaffected. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally. As a workaround, ensure the Coder access URL uses a trusted certificate and secure the network path between the AI Bridge Proxy and the Coder server (for example, loopback or mTLS).

Affected Products
Vendor
coder
Product
coder
Versions
Affected
  • >= 2.34.0, < 2.34.2
  • >= 2.33.0, < 2.33.8
  • >= 2.30.0, < 2.32.7
Problem Types
TypeCWE IDDescription
CWECWE-295CWE-295: Improper Certificate Validation
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52
x_refsource_CONFIRM
https://github.com/coder/coder/pull/26131
x_refsource_MISC
https://github.com/coder/coder/releases/tag/v2.32.7
x_refsource_MISC
https://github.com/coder/coder/releases/tag/v2.33.8
x_refsource_MISC
https://github.com/coder/coder/releases/tag/v2.34.2
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/coder/coder/pull/26131
Resource:
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/releases/tag/v2.32.7
Resource:
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/releases/tag/v2.33.8
Resource:
x_refsource_MISC
Hyperlink: https://github.com/coder/coder/releases/tag/v2.34.2
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 Jul, 2026 | 01:16
Updated At:08 Jul, 2026 | 19:39

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL accepted any TLS certificate. Practical exploitation requires an on-path (man-in-the-middle) position between the AI Bridge Proxy and the Coder server. Deployments where they are co-located over loopback are effectively unaffected. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally. As a workaround, ensure the Coder access URL uses a trusted certificate and secure the network path between the AI Bridge Proxy and the Coder server (for example, loopback or mTLS).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

coder
coder
>>coder>>Versions from 2.30.0(inclusive) to 2.32.7(exclusive)
cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*
coder
coder
>>coder>>Versions from 2.33.0(inclusive) to 2.33.8(exclusive)
cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*
coder
coder
>>coder>>Versions from 2.34.0(inclusive) to 2.34.2(exclusive)
cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*
Weaknesses
CWE IDTypeSource
CWE-295Secondarysecurity-advisories@github.com
CWE ID: CWE-295
Type: Secondary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/coder/coder/pull/26131security-advisories@github.com
Issue Tracking
Patch
https://github.com/coder/coder/releases/tag/v2.32.7security-advisories@github.com
Release Notes
https://github.com/coder/coder/releases/tag/v2.33.8security-advisories@github.com
Release Notes
https://github.com/coder/coder/releases/tag/v2.34.2security-advisories@github.com
Release Notes
https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52security-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/coder/coder/pull/26131
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/coder/coder/releases/tag/v2.32.7
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/coder/coder/releases/tag/v2.33.8
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/coder/coder/releases/tag/v2.34.2
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

120Records found

CVE-2026-55075
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.48% / 38.22%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 21:33
Updated-08 Jul, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the `email_verified` claim was only enforced when present as a boolean `false` so an absent or non-boolean claim was treated as verified. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 restricts the email fallback to first-time and legacy linking and defaults `email_verified` to false when the claim is absent or of an unexpected type. As a workaround, configure the OIDC provider to disallow self-registration or to require email verification before issuing tokens.

Action-Not Available
Vendor-codercoder
Product-codercoder
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-289
Authentication Bypass by Alternate Name
CVE-2026-55076
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.48% / 38.22%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 22:23
Updated-08 Jul, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `"false"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject. As a workaround, ensure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.

Action-Not Available
Vendor-codercoder
Product-codercoder
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2019-7615
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7.4||HIGH
EPSS-0.64% / 46.78%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 21:15
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

Action-Not Available
Vendor-Elasticsearch BV
Product-apm-agent-rubyElastic APM agent for Ruby
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-22156
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 42.33%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 00:20
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2022-21656
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.78% / 51.81%
||
7 Day CHG+0.01%
Published-22 Feb, 2022 | 22:25
Updated-23 Apr, 2025 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X.509 subjectAltName matching bypass in Envoy

Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Name or uniformResourceIndicator to be authenticated as a domain name. This confusion allows for the bypassing of nameConstraints, as processed by the underlying OpenSSL/BoringSSL implementation, exposing the possibility of impersonation of arbitrary servers. As a result Envoy will trust upstream certificates that should not be trusted.

Action-Not Available
Vendor-envoyproxyenvoyproxy
Product-envoyenvoy
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2020-13482
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.91% / 55.81%
||
7 Day CHG~0.00%
Published-25 May, 2020 | 21:49
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Action-Not Available
Vendor-em-http-request_projectn/aFedora Project
Product-fedoraem-http-requestn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-13163
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.75% / 50.86%
||
7 Day CHG~0.00%
Published-19 May, 2020 | 21:22
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Action-Not Available
Vendor-em-imap_projectn/a
Product-em-imapn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-6057
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-8.6||HIGH
EPSS-0.22% / 12.12%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:38
Updated-21 Nov, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Action-Not Available
Vendor-Bitdefender
Product-total_securityTotal Securitytotal_security
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-3685
Matching Score-4
Assigner-SUSE
ShareView Details
Matching Score-4
Assigner-SUSE
CVSS Score-7.4||HIGH
EPSS-0.71% / 49.55%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 09:30
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing TLS certificate validation for HTTPS connections in osc

Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary

Action-Not Available
Vendor-Open Build ServiceopenSUSE
Product-open_build_serviceOpen Build Service
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-6056
Matching Score-4
Assigner-Bitdefender
ShareView Details
Matching Score-4
Assigner-Bitdefender
CVSS Score-8.6||HIGH
EPSS-0.22% / 12.12%
||
7 Day CHG~0.00%
Published-18 Oct, 2024 | 07:31
Updated-22 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164)

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites.

Action-Not Available
Vendor-Bitdefender
Product-total_securityTotal Securitytotal_security
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-24461
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.4||HIGH
EPSS-0.29% / 20.57%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 14:31
Updated-29 Jan, 2025 | 21:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Edge Client for Windows and macOS vulnerability

An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationF5, Inc.
Product-windowsbig-ip_access_policy_managermacosBIG-IP Edge Client
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-1748
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-1.18% / 64.28%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 23:50
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability

A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS and IOS XE Software
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-16209
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.4||HIGH
EPSS-0.74% / 50.51%
||
7 Day CHG~0.00%
Published-08 Nov, 2019 | 17:19
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-brocade_sannavBrocade SANnav
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-1683
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 54.90%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 17:00
Updated-21 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-spa501g_firmwarespa525g_firmwarespa512gspa500spa525gspa512g_firmwarespa525spa508gspa500s_firmwarespa525_firmwarespa502g_firmwarespa501gspa502gspa5x5spa500sspa509gspa500dsspa504g_firmwarespa112_firmwarespa5x5_firmwarespa509g_firmwarespa508g_firmwarespa112spa514g_firmwarespa514gspa500_firmwarespa500ds_firmwarespa504gCisco Small Business SPA112 Series IP PhonesCisco Small Business SPA5X5 Series IP PhonesCisco Small Business SPA500 Series IP PhonesCisco Small Business SPA525 Series IP Phones
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-1514
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-7.4||HIGH
EPSS-0.32% / 23.66%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:22
Updated-02 Aug, 2024 | 05:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_scripting_interfaceRTU500 Scripting Interface
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-7821
Matching Score-4
Assigner-Ivanti
ShareView Details
Matching Score-4
Assigner-Ivanti
CVSS Score-7.4||HIGH
EPSS-0.51% / 40.06%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 15:26
Updated-07 May, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEndpoint Manager Mobile
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-0509
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.4||HIGH
EPSS-0.53% / 41.03%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 00:00
Updated-31 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Certificate Validation in pyload/pyload

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.

Action-Not Available
Vendor-pyloadpyload-ng_projectpyload
Product-pyload-ngpyloadpyload/pyload
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-6900
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.1||CRITICAL
EPSS-0.14% / 3.96%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 09:53
Updated-06 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Certificate Validation

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-APROL
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-14823
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.86% / 54.40%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 19:35
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.

Action-Not Available
Vendor-jss_cryptomanager_projectDogtagLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linux_serverlinux_kernelenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_eusjss_cryptomanagerenterprise_linux_server_tusenterprise_linux_desktopJSS
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-11688
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-1.10% / 61.88%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 14:58
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.

Action-Not Available
Vendor-n/aASUSTOR Inc.
Product-exfat_drivern/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-3547
Matching Score-4
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-4
Assigner-OpenVPN Inc.
CVSS Score-7.4||HIGH
EPSS-0.98% / 58.30%
||
7 Day CHG+0.01%
Published-12 Jul, 2021 | 10:35
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

Action-Not Available
Vendor-openvpnn/a
Product-openvpnOpenVPN 3 Core Library
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-295
Improper Certificate Validation
CVE-2019-10091
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.4||HIGH
EPSS-1.38% / 69.11%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 13:05
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-geodeApache Geode
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-27899
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.64% / 46.62%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 20:48
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected.

Action-Not Available
Vendor-proofpointn/a
Product-insider_threat_managementn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-54919
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-0.26% / 17.96%
||
7 Day CHG~0.00%
Published-10 Jul, 2026 | 16:06
Updated-14 Jul, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
cpp-httplib: TLS certificate chain verification bypassed for IP-literal hosts on Mbed TLS and wolfSSL backends

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT and a client connects to an IP-literal host with server certificate verification enabled, SSLClient and Client in HTTPS mode skip certificate chain validation and WebSocketClient on the Mbed TLS backend skips verification altogether, allowing a man-in-the-middle attacker positioned to intercept traffic to present a crafted certificate and read or modify the traffic. This issue is fixed in version 0.47.0.

Action-Not Available
Vendor-yhiroseyhirose
Product-cpp-httplibcpp-httplib
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-53475
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.25% / 16.67%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 13:55
Updated-16 Jun, 2026 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Assisted-migration-agent: tls verification disabled on all vcenter connections

A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and harvest vCenter administrator credentials. This can lead to unauthorized access to vCenter.

Action-Not Available
Vendor-kubev2v
Product-assisted_migration_agent
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-50752
Matching Score-4
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-4
Assigner-Check Point Software Ltd.
CVSS Score-7.4||HIGH
EPSS-4.86% / 91.05%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 11:00
Updated-10 Jun, 2026 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Action-Not Available
Vendor-Check Point Software Technologies Ltd.
Product-Quantum Security GatewaySpark Firewalls
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-48697
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.16% / 5.95%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 00:00
Updated-27 May, 2026 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server.

Action-Not Available
Vendor-pavel-odintsovn/a
Product-fastnetmonn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-9697
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
ShareView Details
Matching Score-4
Assigner-ce714d77-add3-4f53-aff5-83d477b104bb
CVSS Score-7.4||HIGH
EPSS-0.48% / 38.09%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 16:46
Updated-16 Jul, 2026 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername settings. Applications that pin to an internal or corporate CA via requestTls.ca will, when their proxy URI is SOCKS5, get the default Mozilla CA bundle as the trust anchor instead. Any cert signed by any publicly-trusted CA for the target hostname is accepted, breaking the intended pin and enabling MITM read and tamper of the HTTPS exchange. Affected applications are those that use undici's ProxyAgent (or Socks5ProxyAgent directly) with SOCKS5 AND rely on requestTls for TLS scope restriction. The bug was introduced in undici 7.23.0 when SOCKS5 support was added. Patches: Upgrade to undici v7.28.0 or v8.5.0. Workarounds: No workaround is available within the SOCKS5 path. If a SOCKS5 proxy with TLS scope restriction is required and an upgrade is not yet possible, route the traffic through an HTTP-proxy ProxyAgent instead, where requestTls is honored correctly.

Action-Not Available
Vendor-undiciRed Hat, Inc.Node.js (OpenJS Foundation)
Product-undiciundiciSelf-service automation portal 2Red Hat OpenShift Dev SpacesRed Hat Openshift Data Foundation 4Red Hat Enterprise Linux 10OpenShift PipelinesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Build of Podman DesktopCryostat 4Red Hat Developer Hub 1.10Cluster Observability Operator 1.5.0Red Hat OpenShift Dev Spaces 3.29Red Hat OpenShift Container Platform 4.16Red Hat AMQ Broker 7Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-44393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.16% / 5.60%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 00:00
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenShift Container Platform 4Red Hat OpenStack Platform 18.0
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2026-45389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.19% / 8.89%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 00:00
Updated-17 Jun, 2026 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-42790
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-7.6||HIGH
EPSS-0.34% / 26.02%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 15:09
Updated-16 Jul, 2026 | 04:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

Action-Not Available
Vendor-erlangErlangRed Hat, Inc.
Product-erlang\/otpOTPRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1Red Hat OpenStack Platform 18.0
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2026-42508
Matching Score-4
Assigner-Go Project
ShareView Details
Matching Score-4
Assigner-Go Project
CVSS Score-9.1||CRITICAL
EPSS-0.49% / 38.78%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 02:31
Updated-17 Jul, 2026 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Action-Not Available
Vendor-golang.org/x/cryptoRed Hat, Inc.Go
Product-cryptogolang.org/x/crypto/ssh/knownhostsRed Hat OpenStack Platform 16.2Red Hat Advanced Cluster Security for Kubernetes 4.9Red Hat OpenShift Builds 1.7.4Red Hat Quay 3OpenShift API for Data ProtectionRed Hat Quay 3.16Multicluster Engine for KubernetesRed Hat Openshift Data Foundation 4.22Red Hat Advanced Cluster Management for Kubernetes 2.11Red Hat OpenShift Builds 1.8.1RHEM 1.1 for RHEL 10Red Hat OpenShift GitOpsDevWorkspace Operator 0.42Red Hat Edge Manager 1.1Red Hat Quay 3.10External Secrets Operator for Red Hat OpenShiftRed Hat OpenShift AI (RHOAI)RHEM 1.1 for RHEL 9Red Hat OpenStack Platform 18.0Red Hat Advanced Cluster Security for Kubernetes 4.10Red Hat Enterprise Linux 10Red Hat Advanced Cluster Management for Kubernetes 2Red Hat Quay 3.9Red Hat Trusted Artifact Signer 1.4Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8OpenShift ServerlessRed Hat Ceph Storage 9Red Hat OpenShift Virtualization 4RHEM 1.0 for RHEL 9Red Hat OpenStack Platform 17.1Assisted Installer for Red Hat OpenShift Container Platform 2Red Hat Edge Manager 1.0Red Hat Hardened ImagesRed Hat OpenShift Container Platform 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-12765
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-7.5||HIGH
EPSS-0.20% / 9.52%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 13:00
Updated-19 Nov, 2025 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pgAdmin 4: LDAP authentication flow vulnerable to TLS certificate verification bypass.

pgAdmin <= 9.9  is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification.

Action-Not Available
Vendor-pgadminpgadmin.org
Product-pgadmin_4pgAdmin 4
CWE ID-CWE-295
Improper Certificate Validation
CVE-2025-11043
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-9.1||CRITICAL
EPSS-0.21% / 10.71%
||
7 Day CHG~0.00%
Published-19 Jan, 2026 | 15:52
Updated-26 Jan, 2026 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Server Certificate Validation in Automation Studio

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-B&R Automation Studio
CWE ID-CWE-295
Improper Certificate Validation
CVE-2026-41603
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.4||HIGH
EPSS-0.57% / 43.43%
||
7 Day CHG-0.02%
Published-28 Apr, 2026 | 09:19
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Thrift: Java TSSLTransportFactory hostname verification

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Action-Not Available
Vendor-Red Hat, Inc.The Apache Software Foundation
Product-thriftApache ThriftOpenShift Service Mesh 2Red Hat OpenShift Container Platform 4Red Hat OpenShift distributed tracing 3Red Hat Advanced Cluster Management for Kubernetes 2.15Multicluster Global Hub 1.3.4Multicluster Global Hub 1.6.2Multicluster Global Hub 1.5.4Red Hat AI Inference ServerRed Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift GitOpsRed Hat OpenShift distributed tracing 3.9.3Red Hat OpenShift AI (RHOAI)Red Hat Advanced Cluster Management for Kubernetes 2.14Multicluster Global Hub 1.4.5
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-37437
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7.4||HIGH
EPSS-0.38% / 30.46%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 19:50
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation

When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkSplunk Enterprise
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-1566
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.67% / 47.89%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 17:45
Updated-07 Nov, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Email Security Appliance and Cisco Web Security Appliance Certificate Validation Vulnerability

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asyncosemail_security_applianceweb_security_applianceCisco Web Security Appliance (WSA)
CWE ID-CWE-296
Improper Following of a Certificate's Chain of Trust
CWE ID-CWE-295
Improper Certificate Validation
CVE-2016-11086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.75% / 50.70%
||
7 Day CHG~0.00%
Published-24 Sep, 2020 | 19:34
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

Action-Not Available
Vendor-oauth-ruby_projectn/a
Product-oauth-rubyn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-7383
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.39% / 31.31%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 13:19
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libnbd: nbd server improper certificate validation

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 10
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-32151
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7.4||HIGH
EPSS-0.74% / 50.60%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 16:46
Updated-16 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunksplunk_cloud_platformSplunk EnterpriseSplunk Cloud Platform
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-5523
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.4||HIGH
EPSS-1.18% / 64.04%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 05:25
Updated-04 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Action-Not Available
Vendor-77banksihd-bkhokuginnaganobankshikokubanktohoku-bankashikagabankhokkaidobanknttdataNTT Data Corporation
Product-touginashigin77_bankdoginhokuriku_bank_portalmypalletenagaginshikoku_bankikeda_senshu_bank'MyPallete' and some of the Android banking applications that use 'MyPallete'
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-32156
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-7.4||HIGH
EPSS-0.76% / 51.25%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 00:00
Updated-25 Feb, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-splunkuniversal_forwarderSplunk EnterpriseUniversal Forwarder
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-5819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.62% / 45.73%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FilesAnywhere does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-filesanywheren/a
Product-filesanywheren/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-5817
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.78% / 51.77%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Action-Not Available
Vendor-amazoncodehausn/a
Product-ec2_api_tools_java_libraryxfiren/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2012-5822
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.60% / 44.77%
||
7 Day CHG~0.00%
Published-04 Nov, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-zambonin/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-55581
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.27% / 18.54%
||
7 Day CHG~0.00%
Published-26 Feb, 2025 | 00:00
Updated-07 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certificate (unless the using program specifies a TLS configuration).

Action-Not Available
Vendor-adacoren/aDebian GNU/Linux
Product-ada_web_serverdebian_linuxn/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2022-27890
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 12.89%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.

Action-Not Available
Vendor-palantirPalantir
Product-atlasdbAtlasDB
CWE ID-CWE-297
Improper Validation of Certificate with Host Mismatch
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-54848
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.30% / 22.02%
||
7 Day CHG+0.01%
Published-10 Jan, 2025 | 00:00
Updated-02 Oct, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.

Action-Not Available
Vendor-n/aCP PLUS (Aditya Group - Aditya Infotech Limited)
Product-cp-vnr-3104cp-vnr-3104_firmwaren/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-52329
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.5||CRITICAL
EPSS-0.36% / 28.79%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 16:36
Updated-23 Sep, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS HOME mobile app plugins do not properly validate TLS certificates

ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

Action-Not Available
Vendor-ecovacsECOVACS
Product-homeECOVACS HOME
CWE ID-CWE-295
Improper Certificate Validation
CVE-2024-52330
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
CVSS Score-9.5||CRITICAL
EPSS-0.33% / 25.63%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 16:36
Updated-23 Sep, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.

Action-Not Available
Vendor-ecovacsECOVACS
Product-deebot_x1s_pro_plusdeebot_x5_pro_ultradeebot_x1_turbodeebot_x1_omnideebot_x5_pro_plus_firmwaredeebot_x1s_pro_firmwaredeebot_t10_firmwaredeebot_x2_omnideebot_x1_plus_firmwaredeebot_t10_omnideebot_t10_turbo_firmwaredeebot_x1_firmwaredeebot_x2sdeebot_x2_combodeebot_t10_plus_firmwaredeebot_x2_omni_firmwaredeebot_x1deebot_t10_plusdeebot_x1_pro_omnideebot_x2_combo_firmwaredeebot_t10_turbodeebot_x1_pro_omni_firmwaremate_xdeebot_x5_pro_ultra_firmwaredeebot_x5_pro_firmwaredeebot_x5_prodeebot_x2_pro_firmwaremate_x_firmwaredeebot_x2_prodeebot_x5_pro_plusdeebot_x2s_firmwaredeebot_x1s_pro_plus_firmwaredeebot_t10_omni_firmwaredeebot_x1e_omnideebot_x1_omni_firmwaredeebot_x1_turbo_firmwaredeebot_x1e_omni_firmwaredeebot_x1_plusdeebot_x1s_prodeebot_t10DEEBOT X1 TURBODEEBOT T10 OMNIDEEBOT T10 TURBODEEBOT T10 PLUSDEEBOT X2 PRODEEBOT X5 PRODEEBOT X1 PRO OMNIDEEBOT X1 PLUSDEEBOT X2 OMNIMate XDEEBOT X2SDEEBOT X5 PRO ULTRADEEBOT X5 PRO PLUSDEEBOT X1S PRODEEBOT X1S PRO PLUSDEEBOT T10DEEBOT X1 OMNIDEEBOT X1DEEBOT X2 COMBODEEBOT X1e OMNI
CWE ID-CWE-295
Improper Certificate Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found