CVE-2026-40944— Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS. This vulnerability is fixed in 0.16.2.

N/A

证书验证不恰当

oxia 信任管理问题漏洞

oxia是Oxia开源的一个分布式元数据存储与协调系统。 oxia 0.16.2之前版本存在信任管理问题漏洞，该漏洞源于TLS配置中的trustedCertPool函数仅解析CA证书文件中的第一个PEM块，当CA捆绑包包含多个证书时，可能导致mTLS的证书链验证静默失效。

N/A

N/A