CVE-2026-29114
LowCVSS 2.3Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
A vulnerability has been found in some Dahua products that allows an attacker to obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients.
Risk Assessment
This vulnerability could undermine the certificate trust chain, posing a risk to the security of communications within the organization.
Recommendation
It is recommended to monitor and update Dahua products and review trusted certificates on client systems to minimize risk.
Original NVD description (English source)
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

