Skip to main content

Aria2C

1 CVEs product

Monthly

CVE-2026-8367 MEDIUM This Month

aria2c fails to properly validate Extended Key Usage (EKU) constraints in TLS server certificates, allowing attackers who possess a compromised certificate issued for a different purpose to impersonate legitimate servers. This undermines certificate-based authentication and enables man-in-the-middle attacks against aria2c downloads over HTTPS, potentially leading to delivery of malicious files or interception of sensitive data.

Information Disclosure Aria2C
NVD VulDB
CVSS 3.1
4.8
EPSS
0.0%
EPSS 0% CVSS 4.8
MEDIUM This Month

aria2c fails to properly validate Extended Key Usage (EKU) constraints in TLS server certificates, allowing attackers who possess a compromised certificate issued for a different purpose to impersonate legitimate servers. This undermines certificate-based authentication and enables man-in-the-middle attacks against aria2c downloads over HTTPS, potentially leading to delivery of malicious files or interception of sensitive data.

Information Disclosure Aria2C
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy