CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 25 of 25
- CVE-2026-53475HIGHCVSS 7.4EG 9.32026-06-10
A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) attacker to intercept and har…
- CVE-2026-54100HIGHCVSS 8.3EG 8.32026-06-22
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker wh…
- CVE-2026-54323MEDIUMCVSS 5.9EG 5.92026-06-23
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git cre…
- CVE-2026-54919HIGHCVSS 7.4EG 7.42026-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPH…
- CVE-2026-5501HIGHCVSS 8.1EG 8.12026-04-10
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately…
- CVE-2026-55436HIGHCVSS 7.4EG 7.42026-07-06
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose defau…
- CVE-2026-55960HIGHCVSS 7.5EG 7.52026-06-25
Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative() accepts it without performing any trust verification; it must therefore on…
- CVE-2026-55964MEDIUMCVSS 5.3EG 5.32026-06-25
Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs (WOLFSSL_TEMP_CA) …
- CVE-2026-57289MEDIUMCVSS 4.8EG 4.82026-06-24
Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, …
- CVE-2026-5787HIGHCVSS 8.9EG 8.92026-05-07
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
- CVE-2026-59818MEDIUMCVSS 6.5EG 6.52026-07-08
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-cr…
- CVE-2026-6091MEDIUMCVSS 6.5EG 6.52026-06-25
Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and ha…
- CVE-2026-6450MEDIUMCVSS 5.3EG 5.32026-06-25
A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enable…
- CVE-2026-6731HIGHCVSS 7.5EG 7.52026-06-25
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted.
- CVE-2026-6860MEDIUMCVSS 5.3EG 5.32026-05-06
A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com …
- CVE-2026-6900HIGHCVSS 7.4EG 7.42026-07-06
Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5.
- CVE-2026-7009MEDIUMCVSS 5.3EG 5.32026-05-13
When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.
- CVE-2026-7532HIGHCVSS 7.5EG 7.52026-06-25
iPAddress name constraints bypass when WOLFSSL_IP_ALT_NAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints.
- CVE-2026-7821HIGHCVSS 7.4EG 7.42026-05-07
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disc…
- CVE-2026-8286HIGHCVSS 8.1EG 8.12026-07-03
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
- CVE-2026-8367MEDIUMCVSS 4.8EG 4.82026-05-13
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentica…
- CVE-2026-8480MEDIUMCVSS 4.3EG 4.32026-07-01
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin…
- CVE-2026-8992HIGHCVSS 8.8EG 8.82026-05-22
An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.
- CVE-2026-9258CRITICALCVSS 9.8EG 6.52026-06-16
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
- CVE-2026-9259CRITICALCVSS 9.8EG 6.52026-06-16
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
- CVE-2026-9697HIGHCVSS 7.4EG 7.42026-06-17
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI (socks5:// or socks://). The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user…
- CVE-2026-9758HIGHCVSS 7.3EG 7.32026-06-10
Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →