CWE-295 (Improper Certificate Validation) — Vulnerability Class 500

500 vulnerabilities classified as CWE-295 (Improper Certificate Validation). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, Authentication: Bypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, Implementation: Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Implementation: If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
    if ((cert = SSL_get_peer_certificate(ssl)) && host)
        foo = SSL_get_verify_result(ssl);

    /* Flaw: a self-signed certificate in the chain is accepted like X509_V_OK */
    if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo)) {
        // certificate looks good, host can be trusted
    }
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
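    cert = SSL_get_peer_certificate(ssl);
    /* Flaw: X509_V_OK covers the chain only; the certificate's name is never compared with the host */
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }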
Bad · C
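An added example, not from MITRE or this page: the two flaws above (trusting a chain that was not verified, and verifying the chain without comparing the hostname) expressed as Python `ssl` client settings, next to the hardened configuration and a small audit that flags each weakness. The function names and finding labels are assumptions chosen for illustration.

```python
import socket
import ssl


def weak_context():
    """Constructed 'before' config: traffic is encrypted, the peer is not authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain verification at all
    return ctx


def chain_only_context():
    """Mirrors the second C example: chain verified, hostname never compared."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def hardened_context():
    """Chain verified against the system trust store and hostname enforced."""
    return ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True


def audit_context(ctx):
    """Return a list of findings (hypothetical labels) for a client SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings


def open_verified(host, port=443, timeout=5.0):
    """Connect with the hardened context; refuses to run with a weak one."""
    ctx = hardened_context()
    if audit_context(ctx):
        raise ssl.SSLError("refusing to connect with a weak TLS context")
    sock = socket.create_connection((host, port), timeout=timeout)
    # server_hostname is the name the certificate is checked against;
    # a mismatch raises ssl.SSLCertVerificationError during the handshake.
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    for name, make in [("weak", weak_context), ("chain-only", chain_only_context),
                       ("hardened", hardened_context)]:
        print(name, audit_context(make()))
```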
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42790 | nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification — OTP | - | - | 2026-05-27 |
| CVE-2026-42791 | OCSP responder certificate validity period not checked in public_key — OTP | - | - | 2026-05-27 |
| CVE-2026-42789 | Non-CA certificate accepted as intermediate issuer in public_key path validation — OTP | - | - | 2026-05-27 |
| CVE-2026-44213 | OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured — opentelemetry-dotnet-contrib | 6.5 | Medium | 2026-05-26 |
| CVE-2026-42012 | Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans — Red Hat Enterprise Linux 8 | 7.1 | High | 2026-05-26 |
| CVE-2026-44900 | epa4all-client: VAU Signature bypass — epa4all-client | 8.1 | High | 2026-05-26 |
| CVE-2026-45574 | epa4all-client: TLS Certificate Validation Disabled in Production — epa4all-client | 8.1 | High | 2026-05-26 |
| CVE-2026-8992 | Ivanti Secure Access Client certificate validation vulnerability leading to remote code execution — Secure Access Client | 8.8 | High | 2026-05-22 |
| CVE-2025-32745 | Dell PowerFlex Manager <= 4.6.2 certificate validation flaw — PowerFlex Manager (Appliance) | 4.2 | Medium | 2026-05-22 |
| CVE-2026-48249 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php — Tickets | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48248 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php — Tickets | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48247 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php — Tickets | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48246 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php — Tickets | 5.9 | Medium | 2026-05-21 |
| CVE-2026-41119 | Dell Live Optics trust management issue vulnerability — Live Optics | 6.8 | Medium | 2026-05-18 |
| CVE-2026-44700 | Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake — ex_webrtc | - | - | 2026-05-14 |
| CVE-2026-23998 | Fleet has a Windows MDM management endpoint authentication bypass — fleet | - | - | 2026-05-14 |
| CVE-2026-32992 | cPanel trust management issue vulnerability — cPanel | 8.2 | High | 2026-05-13 |
| CVE-2026-44363 | Unsafe remote resource fetching in expansion misp-modules — misp-modules | - | - | 2026-05-13 |
| CVE-2026-0248 | Prisma Access Agent: Improper Certificate Validation Vulnerability — Prisma Access Agent | - | - | 2026-05-13 |
| CVE-2026-0244 | Prisma SD-WAN: Improper Certificate Validation Vulnerability — Prisma SD-WAN ION | - | - | 2026-05-13 |
| CVE-2026-41132 | CKAN: No certificate validation on STMP connection — ckan | - | - | 2026-05-13 |
| CVE-2026-0249 | GlobalProtect App: Certificate Validation Bypass Vulnerabilities — GlobalProtect App | - | - | 2026-05-13 |
| CVE-2026-8367 | aria2c Improper Certificate Validation — aria2c | 4.8 | Medium | 2026-05-13 |
| CVE-2026-44305 | Lemur: LDAP TLS certificate verification globally disabled enables credential interception — lemur | 6.8 | Medium | 2026-05-12 |
| CVE-2026-41872 | Kura Sushi Official App trust management issue vulnerability — "Kura Sushi Official App" for Android | - | - | 2026-05-12 |
| CVE-2026-42312 | pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification — pyload | 6.8 | Medium | 2026-05-11 |
| CVE-2026-42225 | GnuTLS backend silently skips certificate chain verification when verify_peer is false — pjproject | 7.5 (AI) | High (AI) | 2026-05-07 |
| CVE-2026-5787 | Ivanti EPMM trust management issue vulnerability — Endpoint Manager Mobile | 8.9 | High | 2026-05-07 |
| CVE-2026-7821 | Ivanti EPMM trust management issue vulnerability — Endpoint Manager Mobile | 7.4 | High | 2026-05-07 |
| CVE-2026-42011 | Gnutls: gnutls: security bypass due to incorrect name constraint handling — Red Hat Enterprise Linux 8 | 7.4 | High | 2026-05-07 |

Vulnerabilities classified as CWE-295 (Improper Certificate Validation) represent 500 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.