CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

CVSS

No CVSS.

References

Link	Resource
https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products

Configurations

No configuration.

History

10 Jun 2026, 07:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-10 07:16

Updated : 2026-06-10 07:16

NVD link : CVE-2026-29114

Mitre link : CVE-2026-29114

CVE.ORG link : CVE-2026-29114

JSON object : View

Products Affected

No product.

CWE

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

{"id": "CVE-2026-29114", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cybersecurity@dahuatech.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-06-10T07:16:24.890", "references": [{"url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products", "source": "cybersecurity@dahuatech.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Secondary", "source": "cybersecurity@dahuatech.com", "description": [{"lang": "en", "value": "CWE-538"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in some Dahua products. An attacker\nmay obtain the device\u2019s CA root certificate. If that CA is installed and\ntrusted on client systems, the attacker could issue fraudulent certificates\ntrusted by those clients and undermine the certificate trust chain."}], "lastModified": "2026-06-10T07:16:24.890", "sourceIdentifier": "cybersecurity@dahuatech.com"}

CVE-2026-29114

JSON object

Attach tags to CVE-2026-29114

Attach tags to `CVE-2026-29114`