Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-30836
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-19 Mar, 2026 | 20:37
Updated At-25 Mar, 2026 | 14:16
Rejected At-
▼CVE Numbering Authority (CNA)
Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

Affected Products
Vendor
smallstep
Product
certificates
Versions
Affected
  • < 0.30.0
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
CWECWE-295CWE-295: Improper Certificate Validation
Type: CWE
CWE ID: CWE-287
Description: CWE-287: Improper Authentication
Type: CWE
CWE ID: CWE-295
Description: CWE-295: Improper Certificate Validation
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/smallstep/certificates/security/advisories/GHSA-q4r8-xm5f-56gw
x_refsource_CONFIRM
https://github.com/smallstep/certificates/commit/e6da031d5125cfd99fe9a26f74bb41e4dacca4ef
x_refsource_MISC
https://github.com/smallstep/certificates/releases/tag/v0.30.0-rc7
x_refsource_MISC
Hyperlink: https://github.com/smallstep/certificates/security/advisories/GHSA-q4r8-xm5f-56gw
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/smallstep/certificates/commit/e6da031d5125cfd99fe9a26f74bb41e4dacca4ef
Resource:
x_refsource_MISC
Hyperlink: https://github.com/smallstep/certificates/releases/tag/v0.30.0-rc7
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found