CVE-2026-30836

CRITICAL

Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Title source: cna

Description

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

Scores

CVSS v3 10.0
EPSS 0.0001
EPSS Percentile 1.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-287 CWE-295
Status published
Products (4)
smallstep/certificates 0 - 0.30.0 (Go)
smallstep/certificates < 0.30.0
smallstep/step-ca 0.30.0 rc1 (6 CPE variants)
smallstep/step-ca < 0.30.0
Published Mar 19, 2026
Tracked Since Mar 20, 2026