CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 22 of 25
- CVE-2025-6026LOWCVSS 3.1EG 3.12025-10-15
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geoloca…
- CVE-2025-6032HIGHCVSS 8.3EG 8.32025-06-24
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
- CVE-2025-6037MEDIUMCVSS 6.8EG 6.82025-08-01
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cer…
- CVE-2025-61727MEDIUMCVSS 6.5EG 6.52025-12-03
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from cl…
- CVE-2025-61729HIGHCVSS 7.5EG 7.52025-12-02
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime…
- CVE-2025-61778CRITICALCVSS 9.3EG 9.32025-10-06
Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private…
- CVE-2025-62371HIGHCVSS 7.4EG 7.42025-10-15
OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided…
- CVE-2025-62375MEDIUMCVSS 6.9EG 6.92025-10-15
go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can i…
- CVE-2025-6433CRITICALCVSS 9.8EG 9.82025-06-24
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requi…
- CVE-2025-64432MEDIUMCVSS 4.7EG 4.72025-11-07
KubeVirt is a virtual machine management add-on for Kubernetes. Versions 1.5.3 and below, and 1.6.0 contained a flawed implementation of the Kubernetes aggregation layer's authentication flow which could enable bypass of RBAC controls. It …
- CVE-2025-64685HIGHCVSS 7.5EG 8.12025-11-10
In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
- CVE-2025-65083LOWCVSS 3.2EG 3.22025-11-17
GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS co…
- CVE-2025-65290HIGHCVSS 7.4EG 7.42025-12-10
Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic …
- CVE-2025-65291HIGHCVSS 7.4EG 7.42025-12-10
Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks o…
- CVE-2025-65753HIGHCVSS 7.5EG 9.02026-02-17
An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.
- CVE-2025-65830CRITICALCVSS 9.1EG 9.12025-12-10
Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This m…
- CVE-2025-66001HIGHCVSS 8.8EG 8.82026-01-08
NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the sy…
- CVE-2025-66491MEDIUMCVSS 5.9EG 5.92025-12-09
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backe…
- CVE-2025-66614CRITICALCVSS 9.1EG 9.12026-02-17
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but…
- CVE-2025-67229CRITICALCVSS 9.8EG 9.82026-01-23
An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.
- CVE-2025-68121CRITICALCVSS 10.0EG 4.82026-02-05
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may h…
- CVE-2025-68161MEDIUMCVSS 4.8EG 4.82025-12-18
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html…
- CVE-2025-69412LOWCVSS 3.4EG 3.42026-01-01
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default…
- CVE-2025-70029HIGHCVSS 7.5EG 7.52026-02-11
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
- CVE-2025-70043CRITICALCVSS 9.1EG 9.12026-02-23
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options
- CVE-2025-7095MEDIUMCVSS 6.1EG 3.72025-07-06
A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible …
- CVE-2025-71063HIGHCVSS 8.2EG 8.22026-01-12
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
- CVE-2025-71261HIGHCVSS 8.6EG 8.62026-06-16
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
- CVE-2025-7390CRITICALCVSS 9.1EG 9.12025-08-21
A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication.
- CVE-2025-7395CRITICALCVSS 9.2EG 9.22025-07-18
A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allow…
- CVE-2025-8393HIGHCVSS 7.3EG 7.32025-08-08
A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted…
- CVE-2025-8476HIGHCVSS 8.0EG 7.12025-08-01
Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to explo…
- CVE-2025-9293HIGHCVSS 8.1EG 8.12026-02-13
A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or mod…
- CVE-2025-9708MEDIUMCVSS 6.8EG 6.82025-09-16
A vulnerability exists in the Kubernetes C# client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority (CA) without properly verifying the trust chain. This flaw allows a maliciou…
- CVE-2025-9785HIGHCVSS 7.7EG 7.72025-09-03
PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to …
- CVE-2026-0228LOWCVSS 1.3EG 1.32026-02-11
An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.
- CVE-2026-0233HIGHCVSS 8.8EG 2.02026-04-13
A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
- CVE-2026-0244MEDIUMCVSS 5.2EG 5.22026-05-13
An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller.
- CVE-2026-0248MEDIUMCVSS 6.2EG 6.22026-05-13
An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain i…
- CVE-2026-0249MEDIUMCVSS 4.9EG 4.92026-05-13
Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administ…
- CVE-2026-0277MEDIUMCVSS 5.7EG 5.72026-07-09
An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android an…
- CVE-2026-0872LOWCVSS 2.5EG 2.52026-02-13
Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.
- CVE-2026-10098MEDIUMCVSS 5.3EG 5.32026-06-25
OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup co…
- CVE-2026-10592MEDIUMCVSS 5.3EG 5.32026-06-25
Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted.
- CVE-2026-11310HIGHCVSS 7.5EG 7.52026-06-25
X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra (OPENSSL_EXTRA) and whose application validates certificates by calling X509_verif…
- CVE-2026-11564CRITICALCVSS 9.1EG 9.12026-07-03
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store afte…
- CVE-2026-11999HIGHCVSS 7.5EG 7.52026-06-25
X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate verifier (wolfSSL_X509_verify_cert()). This affects only builds with --enable-opensslextra whose application calls X509_verify_cert() with caller-sup…
- CVE-2026-12064HIGHCVSS 7.5EG 7.52026-07-03
When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initial…
- CVE-2026-12374MEDIUMCVSS 6.4EG 6.42026-07-01
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root vi…
- CVE-2026-1530HIGHCVSS 8.1EG 8.12026-02-02
A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive commu…
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →