CVE Catalog

CVE-2026-45388

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

In OCaml-TLS before version 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, allowing impersonation with certificates not meant for server authentication.

Risk Assessment

The organization may be exposed to impersonation attacks, potentially leading to unauthorized access to data or services.

Recommendation

It is recommended to upgrade OCaml-TLS to version 2.1.0 or later to ensure proper certificate checks.

Original NVD description (English source)

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS