CVE-2026-30836

| EUVD-2026-13200 CRITICAL
2026-03-19 https://github.com/smallstep/certificates GHSA-q4r8-xm5f-56gw
10.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 19, 2026 - 17:00 euvd
EUVD-2026-13200
Analysis Generated
Mar 19, 2026 - 17:00 vuln.today
CVE Published
Mar 19, 2026 - 16:27 nvd
CRITICAL 10.0

Tags

Authentication Bypass

Description

⚠️ **Limited Disclosure - Full Details Pending** A critical security vulnerability has been identified in Step CA. An updated version, v0.30.0, is available and all operators are strongly encouraged to upgrade immediately. Full details of this vulnerability will be published in this security advisory on March 30, 2026. If you have urgent questions in the meantime, please contact [[email protected]](mailto:[email protected]).

Analysis

A critical authentication bypass vulnerability exists in Step CA, an open-source certificate authority, that allows remote unauthenticated attackers to completely bypass authentication mechanisms and gain unauthorized access with high privileges. The vulnerability affects all versions prior to v0.30.0 and has been assigned the maximum CVSS score of 10.0, indicating extreme severity with potential for both confidentiality and integrity compromise across security boundaries. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Inventory all Step CA deployments and isolate instances from untrusted networks; declare security incident status and establish incident response team. Within 7 days: Upgrade all Step CA instances to v0.30.0 or later immediately upon release; conduct certificate audit to identify unauthorized issuance; rotate all CA keys and re-issue critical certificates. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

50
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +50
POC: 0

Share

CVE-2026-30836 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy