VYPR

CWE-296

Improper Following of a Certificate's Chain of Trust

Abstraction: Base | Status: Draft | Likelihood of Exploit: Low

Description

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (8)

  • CVE-2026-4370 (Critical) Apr 1, 2026
    risk 0.58 | cvss 10.0 | epss 0.00

    A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the internal Dqlite database cluster fails to perform proper TLS client and server authentication. Specifically, the Juju controller's database endpoint does not…

  • CVE-2026-24066 (High) Jun 10, 2026
    risk 0.55 | cvss 8.4 | epss 0.00

    Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU…

  • CVE-2025-1146 (High) Feb 12, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon…

  • CVE-2026-44852 (High) May 12, 2026
    risk 0.47 | cvss 7.2 | epss 0.00

    An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating…

  • CVE-2026-33779 (Medium) Apr 9, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to confidential information and potentially modify it. When an SRX device is…

  • CVE-2025-10539 (Medium) Apr 28, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request.…

  • CVE-2026-42789 (Medium) May 27, 2026
    risk 0.24 | cvss 4.8 | epss 0.00

    Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl,…

  • CVE-2025-12383 (severity not listed) Nov 18, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but…