In OCaml-TLS before 2.1.0, the server implementation performs insufficient checks on the certificate presented by the client during client authentication. This allows impersonation using certificates that, according to their KeyUsage and ExtendedKeyUsage extensions, are not meant for client authentication.
References
| Link | Resource |
|---|---|
| https://osv.dev/vulnerability/OSEC-2026-07 | |
Configurations
No configuration.
History
17 Jun 2026, 17:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://osv.dev/vulnerability/OSEC-2026-07 - | |
| CWE | CWE-295 | |
| CVSS | v2 : v3 : | v2 : unknown, v3 : 7.4 |
16 Jun 2026, 15:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : v3 : | v2 : unknown, v3 : 9.1 |
| References | () https://osv.dev/vulnerability/OSEC-2026-07 - |
15 Jun 2026, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-15 20:16
Updated : 2026-06-17 17:17
NVD link : CVE-2026-45389
Mitre link : CVE-2026-45389
CVE.ORG link : CVE-2026-45389
Products Affected
No product.
CWE
CWE-295
Improper Certificate Validation
