CWE-295

Improper Certificate Validation

Parent: CWE-287 - Improper Authentication

The product does not validate, or incorrectly validates, a certificate.

1,395 vulnerabilities with CWE-295
CVE-2026-39835 MEDIUM
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
CVSS 5.3
CVE-2026-39828 MEDIUM
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
CVSS 6.3
CVE-2026-48249 MEDIUM
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php
CVSS 5.9
CVE-2026-48248 MEDIUM
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php
CVSS 5.9
CVE-2026-48247 MEDIUM
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php
CVSS 5.9
CVE-2026-48246 MEDIUM
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php
CVSS 5.9
CVE-2026-41119 MEDIUM
Dell Live Optics < 27.1.10.1 - Unauthenticated Improper Certificate Validation
CVSS 6.8
CVE-2026-44309 MEDIUM
gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits
CVSS 5.3
CVE-2026-44700 HIGH
Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake
CVE-2026-23998 HIGH
Fleet <4.81.0 Windows MDM Endpoint - Client Certificate Validation Bypass
CVSS 7.5
CVE-2026-44312 MEDIUM
css_parser allows to MITM included https css urls
CVSS 5.8
CVE-2026-32992 HIGH
Webpros cPanel - Improper Certificate Validation
CVSS 8.2
CVE-2026-44363 MEDIUM
Unsafe remote resource fetching in expansion misp-modules
CVE-2026-41132 HIGH
CKAN: No certificate validation on SMTP connection
CVSS 7.4
CVE-2026-0249 MEDIUM
GlobalProtect App: Certificate Validation Bypass Vulnerabilities
CVE-2026-0248 MEDIUM
Prisma Access Agent: Improper Certificate Validation Vulnerability
CVE-2026-0244 MEDIUM
Prisma SD-WAN: Improper Certificate Validation Vulnerability
CVE-2026-8367 MEDIUM
aria2c Improper Certificate Validation
CVSS 4.8
CVE-2026-7009 MEDIUM
curl 8.17.0-8.20.0 - Improper Certificate Validation via OCSP Stapling
CVSS 5.3
CVE-2026-4873 MEDIUM
curl 8.7.0-8.19.0 - TLS Bypass via Connection Pool Reuse
CVSS 5.9
CVE-2026-44305 MEDIUM
Lemur: LDAP TLS certificate verification globally disabled enables credential interception
CVSS 6.8
CVE-2026-41872 HIGH
Epg, Inc. "Kura Sushi Official App" For Android - Improper Certificate Validation
CVSS 7.4
CVE-2026-42312 MEDIUM
pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification
CVSS 6.8
CVE-2026-42213 MEDIUM
SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak
CVE-2026-42225 MEDIUM
GnuTLS backend silently skips certificate chain verification when verify_peer is false
CVSS 5.9