Skip to main content

CWE-296

Improper Following of a Certificate's Chain of Trust

10 CVEs Avg CVSS 7.3 MITRE
1
CRITICAL
6
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-24066 HIGH This Week

Local privilege escalation in Slate Digital Connect 1.37.0 for macOS allows unprivileged users to execute commands as root by connecting to the privileged XPC helper service with a self-signed certificate whose subject OU matches the expected value. The flaw stems from improper certificate validation (CWE-296) in the helper's client authorization logic, which fails to verify the certificate chains to a trusted code-signing authority. No public exploit is identified in CISA KEV at time of analysis, and EPSS reflects very low (0.01%) near-term exploitation probability, but a detailed vendor-lab advisory is publicly available.

Apple Authentication Bypass Privilege Escalation
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-44852 HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-33779 HIGH PATCH This Week

Certificate chain validation bypass in Juniper Junos OS J-Web on SRX Series enables person-in-the-middle attackers to intercept Security Director cloud communications, exposing credentials and sensitive data. All SRX devices connecting to SD cloud fail to properly verify server certificates, allowing interception of authentication material and configuration data. Affects Junos OS versions across all branches prior to 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, and 25.2R1-S2/25.2R2. No public exploit identified at time of analysis. Network-positioned attacker with high complexity required (CVSS AC:H).

Information Disclosure Juniper
NVD VulDB
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-48057 CRITICAL PATCH This Week

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Icinga Suse
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-22459 MEDIUM This Month

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-43196 MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1146 HIGH This Week

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Kubernetes Windows
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2021-23162 HIGH This Week

Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Connect
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2021-23155 MEDIUM This Month

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Client
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2021-1566 HIGH This Week

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Email Security Appliance Asyncos Web Security Appliance
NVD
CVSS 3.1
7.4
EPSS
0.7%
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Slate Digital Connect 1.37.0 for macOS allows unprivileged users to execute commands as root by connecting to the privileged XPC helper service with a self-signed certificate whose subject OU matches the expected value. The flaw stems from improper certificate validation (CWE-296) in the helper's client authorization logic, which fails to verify the certificate chains to a trusted code-signing authority. No public exploit is identified in CISA KEV at time of analysis, and EPSS reflects very low (0.01%) near-term exploitation probability, but a detailed vendor-lab advisory is publicly available.

Apple Authentication Bypass Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting improper input validation in the file path parameter. Successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system as a privileged user.

RCE Hpe Aruba Networking Wireless Operating System Aos
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Certificate chain validation bypass in Juniper Junos OS J-Web on SRX Series enables person-in-the-middle attackers to intercept Security Director cloud communications, exposing credentials and sensitive data. All SRX devices connecting to SD cloud fail to properly verify server certificates, allowing interception of authentication material and configuration data. Affects Junos OS versions across all branches prior to 22.4R3-S9, 23.2R2-S6, 23.4R2-S7, 24.2R2-S3, 24.4R2-S2, and 25.2R1-S2/25.2R2. No public exploit identified at time of analysis. Network-positioned attacker with high complexity required (CVSS AC:H).

Information Disclosure Juniper
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL PATCH This Week

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure Icinga +1
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages With Watson
NVD
EPSS 0% CVSS 8.1
HIGH This Week

CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Kubernetes +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Connect
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Command Centre Mobile Client
NVD
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Email Security Appliance +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy