CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,335 vulnerabilities with CWE-295
CVE-2026-41016
Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
CVE-2026-40974 MEDIUM
Spring Boot <4.0.6 - SSL Hostname Verification Bypass
CVSS 5.0
CVE-2026-40971 MEDIUM
Spring Boot 4.0.0-4.0.5 - Auth Bypass
CVSS 5.0
CVE-2026-40970 MEDIUM
Spring Boot 4.0.0-4.0.5 - Auth Bypass
CVSS 5.0
CVE-2026-40557 ANALYSIS PENDING
Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
CVE-2026-40944 MEDIUM
Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles
CVE-2026-39388 LOW
OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
CVSS 3.1
CVE-2026-23776 HIGH
Dell PowerProtect Data Domain - Privilege Escalation
CVSS 7.2
CVE-2026-20184 CRITICAL
Cisco Webex Meetings Certificate Validation Vulnerability
CVSS 9.8
CVE-2026-39984 MEDIUM
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
CVSS 5.5
CVE-2026-0233 LOW
Autonomous Digital Experience Manager: Improper validation of ADEM certificate
CVE-2026-5501 HIGH
Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
CVSS 8.1
CVE-2026-5263 MEDIUM
URI nameConstraints not enforced in ConfirmNameConstraints()
CVSS 6.5
CVE-2026-5194 CRITICAL
wolfSSL ECDSA Certificate Verification
CVSS 9.1
CVE-2026-35207 MEDIUM
deepinid plugin in dde-control-center is configured to skip TLS certificate verification when downloading avatar from remote server
CVSS 5.4
CVE-2026-33753 MEDIUM
Improper Certificate Validation in rfc3161-client
CVSS 6.2
CVE-2026-33810 HIGH
Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509
CVSS 8.2
CVE-2026-32281 HIGH
Inefficient policy validation in crypto/x509
CVSS 7.5
CVE-2026-34580 HIGH
Botan has a certificate authentication bypass due to trust anchor confusion
CVSS 7.5
CVE-2026-4740 HIGH
Rhacm: open cluster management (ocm): cross-cluster privilege escalation via improper kubernetes client certificate renewal validation
CVSS 8.2
CVE-2026-32144 HIGH
OCSP designated-responder authorization bypass via missing signature verification
CVSS 7.4
CVE-2026-35389 HIGH
Bulwark Webmail S/MIME signature verification accepted self-signed certificates
CVSS 7.5
CVE-2026-35560 HIGH
Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver
CVSS 7.4
CVE-2026-29140 MEDIUM
S/MIME Signature Additional Certificate
CVSS 5.3
CVE-2026-25834 MEDIUM
Mbed TLS 3.3.0-3.6.5, 4.0.0 - Algorithm Downgrade
CVSS 6.5