
CWE-295 (Improper Certificate Validation) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (Improper Certificate Validation). AI-generated Chinese analysis included.

CWE-295 represents a critical cryptographic weakness in which software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and a server. By presenting a forged or invalid certificate, an adversary can decrypt sensitive data, inject malicious content, or impersonate a legitimate service without detection. This weakness is particularly dangerous in applications that rely on Transport Layer Security (TLS) for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation, ensuring that the presented certificate chains to a trusted Certificate Authority and matches the expected hostname. Additionally, enabling certificate pinning and strictly rejecting expired or revoked certificates further hardens the application against interception, preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Phase: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.

    if ((cert = SSL_get_peer_certificate(ssl)) && host)
        foo = SSL_get_verify_result(ssl);
    /* Flaw: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN is treated like X509_V_OK, so a
       self-signed certificate passes, and `host` is never compared against the
       certificate's name. */
    if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo))
        // certificate looks good, host can be trusted

Bad · C
The following OpenSSL code obtains a certificate and verifies it.

    cert = SSL_get_peer_certificate(ssl);
    /* Flaw: the chain verifies, but the certificate's name is never matched
       against the host the client intended to reach, so any validly issued
       certificate is accepted. */
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }

Bad · C
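The two checks that the description above requires and that both "Bad" snippets omit, as an added example using Python's standard ssl module (this is not code from the MITRE entry or from any product in the list; the function names are my own): a hostname matcher against the certificate's dNSName SAN entries following RFC 6125 wildcard rules, and the disabled-verification client context beside a hardened one, with a small audit helper that flags the anti-pattern.

```python
import ipaddress
import ssl


def hostname_matches_san(hostname: str, dns_sans: list[str]) -> bool:
    """Match a hostname against dNSName SAN entries (RFC 6125 rules).

    Case-insensitive, trailing dot ignored, wildcard allowed only as the whole
    leftmost label, never matching across a dot, and never as "*.tld".
    The CN is ignored on purpose: only SAN dNSName entries are authoritative.
    """
    host = hostname.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return False  # IP literals belong to iPAddress SANs, not dNSName
    except ValueError:
        pass
    host_labels = host.split(".")
    for san in dns_sans:
        labels = san.rstrip(".").lower().split(".")
        if len(labels) != len(host_labels):
            continue  # a wildcard covers exactly one label, never several
        if any("*" in lab for lab in labels[1:]):
            continue  # wildcard permitted only in the leftmost label
        if "*" in labels[0] and (labels[0] != "*" or len(labels) < 3):
            continue  # rejects partial wildcards ("w*.example.com") and "*.com"
        if labels[0] != "*" and labels[0] != host_labels[0]:
            continue
        if labels[1:] == host_labels[1:]:
            return True
    return False


def weak_context() -> ssl.SSLContext:
    """The CWE-295 anti-pattern: verification off, so any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Chain validation against the system trust store plus hostname matching."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_flags |= ssl.VERIFY_X509_STRICT  # strict RFC 5280 checks, e.g. basicConstraints
    return ctx


def context_is_cwe295_safe(ctx: ssl.SSLContext) -> bool:
    """Audit check: chain verification and hostname matching must both be on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
```

Revocation checking (CRL or OCSP) is a separate step that hardened_context() does not perform; it has to be configured against a loaded CRL or an OCSP responder.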
CVE ID · Title — Product · CVSS · Severity · Published
CVE-2026-20042 · Cisco Nexus Dashboard Configuration REST API Unauthorized Access Vulnerability — Cisco Nexus Dashboard · 6.5 · Medium · 2026-04-01
CVE-2026-4370 · Improper TLS Client/Server authentication and certificate verification on Database Cluster — Juju · 10.0 · Critical · 2026-04-01
CVE-2026-34073 · cryptography has incomplete DNS name constraint enforcement on peer names — cryptography · 9.1 (AI) · Critical (AI) · 2026-03-31
CVE-2026-32794 · Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange — Apache Airflow Provider for Databricks · 7.4 · - · 2026-03-30
CVE-2026-32884 · Botan: Case-Insensitive CN Values Bypass DNS excludedSubtrees Name Constraints (RFC 5280 Violation) — botan · 5.9 · Medium · 2026-03-30
CVE-2019-25652 · UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM — UniFi Network Controller · 7.5 · High · 2026-03-27
CVE-2026-33896 · Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) — forge · 7.4 · High · 2026-03-27
CVE-2025-15612 · Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE — Wazuh Provisioning Scripts (Agent Build Environment) · 4.8 · Medium · 2026-03-27
CVE-2026-33542 · Incus does not verify combined fingerprint when downloading images from simplestreams servers — incus · 7.1 · - · 2026-03-26
CVE-2026-33308 · mod_gnutls missing key purpose check in client certificate verification — mod_gnutls · 6.8 · Medium · 2026-03-24
CVE-2026-4587 · HybridAuth SSL Curl.php certificate validation — HybridAuth · 3.7 · Low · 2026-03-23
CVE-2026-4434 · Devolutions Server security vulnerability — Server · 7.4 · - · 2026-03-20
CVE-2026-4396 · Devolutions Hub Reporting Service security vulnerability — Hub Reporting Service · 7.4 · - · 2026-03-18
CVE-2026-32293 · GL-iNet Comet (GL-RM1) KVM insufficient certificate validation — Comet KVM · 3.7 · Low · 2026-03-17
CVE-2026-32627 · cpp-httplib has a Silent TLS Certificate Verification Bypass on HTTPS Redirect via Proxy — cpp-httplib · 8.7 · High · 2026-03-13
CVE-2026-31798 · JumpServer Improper Certificate Validation in Custom SMS API Client — jumpserver · 5.0 · Medium · 2026-03-13
CVE-2026-2368 · Lenovo Filez security vulnerability — FileZ · 7.1 · High · 2026-03-11
CVE-2026-1068 · Lenovo Filez security vulnerability — FileZ · 5.3 · Medium · 2026-03-11
CVE-2026-24508 · Dell Alienware Command Center trust management issue vulnerability — Alienware Command Center (AWCC) · 2.5 · Low · 2026-03-11
CVE-2024-14024 · Video Station — Video Station · 8.0 (AI) · High (AI) · 2026-03-11
CVE-2026-27221 · Acrobat Reader | Improper Certificate Validation (CWE-295) — Acrobat Reader · 5.5 · Medium · 2026-03-10
CVE-2025-68482 · Fortinet FortiManager and Fortinet FortiAnalyzer trust management issue vulnerability — FortiAnalyzer · 6.3 · Medium · 2026-03-10
CVE-2026-3822 · Taipower|Taipower APP(Android) - Improper Certificate Validation — Taipower APP · 6.5 · Medium · 2026-03-09
CVE-2026-30794 · RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure — RustDesk Client · 7.4 · - · 2026-03-05
CVE-2025-40896 · Lack of TLS certificate validation when connecting Arc to a Guardian or CMC, in Arc before v2.2.0 — Arc · 6.5 · Medium · 2026-03-04
CVE-2026-2748 · S/MIME Certificate Subject Whitespace — Secure Email Gateway · 7.5 (AI) · High (AI) · 2026-03-04
CVE-2026-3336 · PKCS7_verify Certificate Chain Validation Bypass in AWS-LC — AWS-LC · 7.5 · High · 2026-03-02
CVE-2025-67601 · Rancher CLI skips TLS verification on Rancher CLI login command — rancher · 8.3 · High · 2026-02-25
CVE-2026-3100 · An improper certificate validation vulnerability was found in the FTP Backup on the ADM. — ADM · 6.8 · - · 2026-02-25
CVE-2025-67752 · OpenEMR Has Disabled SSL Certificate Verification in HTTP Client — openemr · 8.1 · High · 2026-02-25

Vulnerabilities classified as CWE-295 (Improper Certificate Validation) account for 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.