VYPR

Step CA

by Smallstep

CVEs (2)

  • CVE-2026-30836, Cri, Mar 19, 2026
    risk 0.58, cvss 10.0, epss 0.00

    Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

  • CVE-2026-40097, Low, Apr 10, 2026
    risk 0.17, cvss 3.7, epss 0.00

    Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key…