CVE-2026-45388
9.1 CRITICALIn OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows imp...
Published: 2026-06-15 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 9.1 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-295
Description
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).
Source: NVD
References
Related CVEs
Same CWE
- CVE-2025-71261 — An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere... (8.6 HIGH)
- CVE-2026-9259 — Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
- CVE-2026-9258 — Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
- CVE-2026-45170 — Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validati...
- CVE-2026-45175 — Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes