GHSA-8wf9-g5q8-gg97CriticalCVSS 9.1

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate...

Published
June 15, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

🔗 References (3)