CVE Catalog

CVE-2026-6412

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

0th percentile — higher than 0% of all known CVEs

Summary

The vulnerability concerns issues with certificate policy and RFC 8446 compliance, involving the continued acceptance of SHA-1 and MD5 algorithms in certificate processing.

Risk Assessment

The risk involves the potential exploitation of weak hash functions (SHA-1, MD5) to forge certificates, which could lead to man-in-the-middle attacks or impersonation of trusted entities.

Recommendation

It is recommended to disable acceptance of certificates using SHA-1 and MD5, and update the software to a version compliant with RFC 8446, which mandates the use of stronger cryptographic algorithms.

Original NVD description (English source)

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS