Skip to main content

TLS CVE-2026-3822

MEDIUM
Improper Certificate Validation (CWE-295)
2026-03-09 twcert@cert.org.tw
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:56 vuln.today
CVE Published
Mar 09, 2026 - 04:16 nvd
MEDIUM 6.5

DescriptionCVE.org

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

AnalysisAI

The Taipower Android application fails to validate TLS/SSL certificates during HTTPS connections, enabling unauthenticated attackers to conduct man-in-the-middle attacks against users. This vulnerability allows adversaries to intercept and modify network traffic without user awareness. No patch is currently available for this medium-severity issue (CVSS 6.5).

Technical ContextAI

Classified as CWE-295 (Improper Certificate Validation). Affects Taipower App. Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

More in TLS

View all
CVE-2026-27180 CRITICAL POC
9.8 Feb 18

MajorDoMo home automation platform is vulnerable to unauthenticated remote code execution through supply chain compromis

CVE-2026-27944 CRITICAL POC
9.8 Mar 05

Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.

CVE-2026-27590 CRITICAL POC
9.8 Feb 24

FastCGI path splitting vulnerability in Caddy before 2.11.1 allows request smuggling or path confusion when proxying to

CVE-2026-27586 CRITICAL POC
9.1 Feb 24

TLS error swallowing in Caddy web server before 2.11.1 allows bypassing client certificate authentication. Errors in Cli

CVE-2026-27588 CRITICAL POC
9.1 Feb 24

Host header case sensitivity bypass in Caddy before 2.11.1. Virtual host routing can be bypassed by using alternate casi

CVE-2026-27587 CRITICAL POC
9.1 Feb 24

Case sensitivity bypass in Caddy web server path matching before 2.11.1. HTTP path matchers can be bypassed using altern

CVE-2026-25160 CRITICAL POC
9.1 Feb 04

Alist file manager has an improper certificate validation vulnerability allowing MITM attacks that could compromise file

CVE-2026-30851 HIGH POC
8.1 Mar 07

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, e

CVE-2022-40620 HIGH POC
7.7 Jan 28

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS ce

CVE-2026-30852 HIGH POC
7.5 Mar 07

Caddy versions 2.7.5 through 2.11.1 contain a template injection vulnerability in the vars_regexp matcher that allows re

CVE-2026-25961 HIGH POC
7.5 Feb 09

SumatraPDF versions 3.5.0 through 3.5.2 fail to validate TLS certificates during software updates and execute installers

CVE-2025-68133 HIGH POC
7.4 Jan 21

EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's

Share

CVE-2026-3822 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy