Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false — pjproject 7.5AIHighAI2026-05-07
CVE-2026-5787 Ivanti EPMM 信任管理问题漏洞 — Endpoint Manager Mobile 8.9 High2026-05-07
CVE-2026-7821 Ivanti EPMM 信任管理问题漏洞 — Endpoint Manager Mobile 7.4 High2026-05-07
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling — Red Hat Enterprise Linux 10 7.4 High2026-05-07
CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation — incus 9.1AICriticalAI2026-05-06
CVE-2025-42611 Improper certificate validation in multiple RouterOS services — RouterOS 6.5 Medium2026-05-05
CVE-2026-41016 Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider — Apache Airflow Providers SMTP 7.4 -2026-04-30
CVE-2025-10539 Improper TLS Certificate Validation RCE via Malicious Update in DeskTime Time Tracking App — DeskTime Time Tracking App 8.1AIHighAI2026-04-28
CVE-2026-40974 VMware Spring Boot 信任管理问题漏洞 — Spring Boot 5.0 Medium2026-04-27
CVE-2026-40971 VMware Spring Boot 信任管理问题漏洞 — Spring Boot 5.0 Medium2026-04-27
CVE-2026-40970 VMware Spring Boot 信任管理问题漏洞 — Spring Boot 5.0 Medium2026-04-27
CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections — Apache Storm Prometheus Reporter 7.4AIHighAI2026-04-27
CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles — oxia 7.5AIHighAI2026-04-21
CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate — openbao 7.5AIHighAI2026-04-21
CVE-2026-23776 Dell PowerProtect Data Domain(Dell PowerProtect DD) 安全漏洞 — PowerProtect Data Domain 7.2 High2026-04-17
CVE-2026-20184 Cisco Webex Meetings Certificate Validation Vulnerability — Cisco Webex Meetings 9.8 Critical2026-04-15
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier — timestamp-authority 5.5 Medium2026-04-14
CVE-2025-40745 Siemens多款产品 信任管理问题漏洞 — Siemens Software Center 3.7 Low2026-04-14
CVE-2026-0233 Autonomous Digital Experience Manager: Improper validation of ADEM certificate — Autonomous Digital Experience Manager 8.8 -2026-04-13
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates — wolfSSL 5.9 -2026-04-10
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints() — wolfSSL 7.5AIHighAI2026-04-09
CVE-2026-5194 wolfSSL ECDSA Certificate Verification — wolfSSL 5.3AIMediumAI2026-04-09
CVE-2026-35207 deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server — dde-control-center 5.4 Medium2026-04-09
CVE-2026-33753 Improper Certificate Validation in rfc3161-client — rfc3161-client 6.2 Medium2026-04-08
CVE-2026-34580 Botan has a certificate authentication bypass due to trust anchor confusion — botan 5.3AIMediumAI2026-04-07
CVE-2026-4740 Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation — Multicluster Engine for Kubernetes 8.2 High2026-04-07
CVE-2026-32144 OCSP designated-responder authorization bypass via missing signature verification — OTP 5.9AIMediumAI2026-04-07
CVE-2026-35389 Bulwark Webmail S/MIME signature verification accepted self-signed certificates — webmail 5.3AIMediumAI2026-04-06
CVE-2026-35560 Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver — Amazon Athena ODBC driver 7.4 High2026-04-03
CVE-2026-29140 S/MIME Signature Additional Certificate — Secure Email Gateway 7.5AIHighAI2026-04-02

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.