CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 24 of 25
- CVE-2026-40974MEDIUMCVSS 5.0EG 5.02026-04-28
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16),…
- CVE-2026-40992MEDIUMCVSS 5.0EG 5.02026-06-11
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions:…
- CVE-2026-41016MEDIUMCVSS 5.9EG 5.92026-04-30
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server c…
- CVE-2026-41119MEDIUMCVSS 6.8EG 6.82026-05-18
Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integr…
- CVE-2026-41132HIGHCVSS 7.4EG 7.42026-05-13
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails…
- CVE-2026-41603HIGHCVSS 7.4EG 7.42026-04-28
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
- CVE-2026-41714MEDIUMCVSS 4.0EG 4.02026-06-10
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification. Affected versio…
- CVE-2026-41859HIGHCVSS 7.8EG 7.82026-06-04
A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen creden…
- CVE-2026-41872HIGHCVSS 7.4EG 7.42026-05-12
"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application …
- CVE-2026-42011HIGHCVSS 7.4EG 7.42026-05-07
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypas…
- CVE-2026-42012HIGHCVSS 7.1EG 7.12026-05-26
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could caus…
- CVE-2026-42013HIGHCVSS 8.2EG 8.22026-05-26
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to…
- CVE-2026-42213MEDIUMCVSS 5.1EG 5.12026-05-08
SolidCAM-GPPL-IDE is an unofficial, independently developed extension, Postprocessor IDE for SolidCAM. From version 1.0.0 to before version 1.0.2, the inc "filename" directive in GPPL postprocessor files is resolved by GpplDocumentLinkHand…
- CVE-2026-42225MEDIUMCVSS 5.9EG 5.92026-05-07
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid or untrusted certificates even when the a…
- CVE-2026-42312MEDIUMCVSS 6.8EG 6.82026-05-11
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates security-sensitive options behind a hand…
- CVE-2026-42508CRITICALCVSS 9.1EG 9.12026-05-22
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
- CVE-2026-42769MEDIUMCVSS 5.3EG 5.32026-06-09
Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation …
- CVE-2026-42789HIGHCVSS 8.0EG 8.02026-05-27
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/s…
- CVE-2026-42790HIGHCVSS 7.4EG 7.42026-05-27
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a sub…
- CVE-2026-42791LOWCVSS 3.7EG 3.72026-05-27
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verif…
- CVE-2026-4370CRITICALCVSS 10.0EG 10.02026-04-01
A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju contro…
- CVE-2026-43869HIGHCVSS 7.3EG 7.32026-05-05
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
- CVE-2026-44213MEDIUMCVSS 6.5EG 6.52026-05-26
The OpenTelemetry.Exporter.Instana exports telemetry to Instana backend. Prior to 1.1.0, the OpenTelemetry.Exporter.Instana NuGet package does not validate HTTPS/TLS certificates are valid when sending telemetry to a configured Instana bac…
- CVE-2026-44305MEDIUMCVSS 6.8EG 6.82026-05-12
Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a…
- CVE-2026-44309MEDIUMCVSS 5.3EG 5.32026-05-15
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking t…
- CVE-2026-44312MEDIUMCVSS 5.8EG 5.82026-05-14
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The con…
- CVE-2026-44363MEDIUMCVSS 5.8EG 5.82026-05-13
MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The html_to_markdown module accepted arbitrar…
- CVE-2026-44393HIGHCVSS 7.4EG 7.42026-06-04
An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enabl…
- CVE-2026-44700HIGHCVSS 8.7EG 8.72026-05-14
Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug …
- CVE-2026-44900HIGHCVSS 8.1EG 8.12026-05-26
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Si…
- CVE-2026-45170HIGHCVSS 8.8EG 8.82026-06-12
Idira Vendor PAM - Self-Hosted Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
- CVE-2026-45175HIGHCVSS 7.8EG 7.82026-06-11
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Un…
- CVE-2026-45388CRITICALCVSS 9.1EG 9.12026-06-15
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and Ext…
- CVE-2026-45389HIGHCVSS 7.4EG 9.12026-06-15
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authenti…
- CVE-2026-45574HIGHCVSS 8.1EG 8.12026-05-15
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong …
- CVE-2026-45745HIGHCVSS 8.0EG 8.02026-06-05
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attack…
- CVE-2026-46734HIGHCVSS 7.8EG 7.32026-06-25
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protectio…
- CVE-2026-47074HIGHCVSS 8.7EG 8.72026-05-28
Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex_aws/sns.ex, lib/…
- CVE-2026-4740HIGHCVSS 8.2EG 8.22026-04-07
A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client c…
- CVE-2026-48246MEDIUMCVSS 5.9EG 5.92026-05-21
Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for Google Maps Directions A…
- CVE-2026-48247MEDIUMCVSS 5.9EG 5.92026-05-21
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose ou…
- CVE-2026-48248MEDIUMCVSS 5.9EG 5.92026-05-21
Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests issued during the login/au…
- CVE-2026-48249MEDIUMCVSS 5.9EG 5.92026-05-21
Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests issued during th…
- CVE-2026-48697HIGHCVSS 7.4EG 7.42026-05-26
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls…
- CVE-2026-4873MEDIUMCVSS 5.9EG 5.92026-05-13
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to th…
- CVE-2026-48934MEDIUMCVSS 4.3EG 4.32026-06-26
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**.
- CVE-2026-49267MEDIUMCVSS 5.9EG 5.92026-06-01
Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`…
- CVE-2026-50752HIGHCVSS 7.4EG 7.42026-06-08
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certifica…
- CVE-2026-5194CRITICALCVSS 9.1EG 9.12026-04-09
Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to …
- CVE-2026-5263MEDIUMCVSS 6.5EG 6.52026-04-09
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that viola…
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →