CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 23 of 25
- CVE-2026-1531HIGHCVSS 8.1EG 8.12026-02-02
A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, cap…
- CVE-2026-1778MEDIUMCVSS 5.9EG 5.92026-02-02
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed ce…
- CVE-2026-20042MEDIUMCVSS 6.5EG 6.52026-04-01
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exis…
- CVE-2026-20184CRITICALCVSS 9.8EG 9.82026-04-15
A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of…
- CVE-2026-21228HIGHCVSS 8.1EG 8.12026-02-10
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
- CVE-2026-21945HIGHCVSS 7.5EG 7.52026-01-20
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29…
- CVE-2026-22250LOWCVSS 2.5EG 2.52026-01-12
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vulnerability is fixed in 1.17.0.
- CVE-2026-22613MEDIUMCVSS 5.7EG 5.72026-02-09
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmwar…
- CVE-2026-22696CRITICALCVSS 9.3EG 9.32026-01-26
dcap-qvl implements the quote verification logic for DCAP (Data Center Attestation Primitives). A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The l…
- CVE-2026-22747HIGHCVSS 8.1EG 6.82026-04-22
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certific…
- CVE-2026-23776HIGHCVSS 7.2EG 7.22026-04-17
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an I…
- CVE-2026-23998HIGHCVSS 7.5EG 7.52026-05-14
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstan…
- CVE-2026-24281HIGHCVSS 7.4EG 7.42026-03-07
Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate…
- CVE-2026-24734HIGHCVSS 7.5EG 7.52026-02-17
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP re…
- CVE-2026-24932MEDIUMCVSS 5.9EG 5.92026-02-03
The DDNS update function in ADM fails to properly validate the hostname of the DDNS server's TLS/SSL certificate. Although the connection uses HTTPS, an improper validated TLS/SSL certificates allows a remote attacker can intercept the com…
- CVE-2026-24933MEDIUMCVSS 5.9EG 5.92026-02-03
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middl…
- CVE-2026-24934LOWCVSS 3.7EG 3.72026-02-03
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) att…
- CVE-2026-24935MEDIUMCVSS 5.6EG 5.62026-02-03
A third-party NAT traversal module fails to validate SSL/TLS certificates when connecting to the signaling server. While subsequent access to device services requires additional authentication, a Man-in-the-Middle (MitM) attacker can inter…
- CVE-2026-25160CRITICALCVSS 9.1EG 9.12026-02-04
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the …
- CVE-2026-25644HIGHCVSS 7.5EG 7.52026-02-06
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.
- CVE-2026-25834MEDIUMCVSS 6.5EG 6.52026-04-01
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
- CVE-2026-2590CRITICALCVSS 9.8EG 9.82026-03-03
Improper enforcement of the Disable password saving in vaults setting in the connection entry component in Devolutions Remote Desktop Manager 2025.3.30 and earlier allows an authenticated user to persist credentials in vault entries, po…
- CVE-2026-25961HIGHCVSS 7.5EG 7.52026-02-09
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network at…
- CVE-2026-27134HIGHCVSS 8.1EG 8.12026-02-21
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of m…
- CVE-2026-27137HIGHCVSS 7.5EG 7.52026-03-06
When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the las…
- CVE-2026-27138MEDIUMCVSS 5.9EG 5.92026-03-06
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chain…
- CVE-2026-29140MEDIUMCVSS 5.3EG 5.32026-04-02
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures.
- CVE-2026-32144HIGHCVSS 7.4EG 7.42026-04-07
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_val…
- CVE-2026-32253CRITICALCVSS 9.8EG 9.82026-05-22
Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom ve…
- CVE-2026-32281HIGHCVSS 7.5EG 7.52026-04-08
Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trust…
- CVE-2026-32293LOWCVSS 3.7EG 3.72026-03-17
The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client …
- CVE-2026-32992HIGHCVSS 8.2EG 8.22026-05-13
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
- CVE-2026-3336HIGHCVSS 7.5EG 7.52026-03-02
Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do…
- CVE-2026-33753MEDIUMCVSS 6.2EG 6.22026-04-08
rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trus…
- CVE-2026-33810HIGHCVSS 7.5EG 7.52026-04-08
When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted cert…
- CVE-2026-33896CRITICALCVSS 9.1EG 7.42026-03-27
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate cert…
- CVE-2026-34477MEDIUMCVSS 5.9EG 5.92026-04-10
The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemp…
- CVE-2026-34580HIGHCVSS 7.5EG 7.52026-04-07
Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of th…
- CVE-2026-35207MEDIUMCVSS 5.4EG 5.42026-04-09
dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-control-center, which provides the deepinid cloud service. Prior to 6.1.80, plugin-deepinid is configured to skip TLS certif…
- CVE-2026-35389HIGHCVSS 7.5EG 7.52026-04-06
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted cer…
- CVE-2026-35560HIGHCVSS 7.4EG 7.42026-04-03
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default tra…
- CVE-2026-39388LOWCVSS 3.1EG 3.12026-04-21
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` is set, attempts to verify the current re…
- CVE-2026-39828MEDIUMCVSS 6.3EG 6.32026-05-22
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeede…
- CVE-2026-39835MEDIUMCVSS 5.3EG 5.32026-05-22
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these c…
- CVE-2026-39984MEDIUMCVSS 5.5EG 5.52026-04-15
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certi…
- CVE-2026-40243MEDIUMCVSS 4.8EG 4.82026-05-06
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable…
- CVE-2026-40557MEDIUMCVSS 4.8EG 4.82026-04-27
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.r…
- CVE-2026-40944MEDIUMCVSS 6.9EG 6.92026-04-21
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., in…
- CVE-2026-40970MEDIUMCVSS 5.0EG 5.02026-04-27
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per ve…
- CVE-2026-40971MEDIUMCVSS 5.0EG 5.02026-04-27
When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) pe…
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →