CVE Catalog

CVE-2026-45389

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

In OCaml-TLS before version 2.1.0, the server implementation does insufficient checks of the certificate provided by the client during client authentication. This allows impersonation with certificates that are not meant for client authentication.

Risk Assessment

Organizations may be exposed to impersonation attacks, which can lead to unauthorized access to resources and data.

Recommendation

It is recommended to update OCaml-TLS to version 2.1.0 or later to ensure proper certificate checks during client authentication.

Original NVD description (English source)

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS