CVE 9.1 CRITICAL

CVE-2026-45388_CVE-2026-45388

June 16, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).

AI Analysis

Insufficient certificate checks allow server impersonation

Basic Information

ID CVE-2026-45388

Source mitre

Published Jun 15, 2026 at 00:00

Modified Jun 16, 2026 at 13:57

Affected Product

Vendor OCaml-TLS Project

Product OCaml-TLS

Version < 2.1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-295

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor OCaml-TLS Project

Product OCaml-TLS

Version < 2.1.0

References

osv.dev /vulnerability/OSEC-2026-06

{
    "lastseen": "",
    "description": "In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).",
    "published": "2026-06-15T00:00:00.000Z",
    "modified": "2026-06-16T13:57:42.571Z",
    "type": "cve",
    "title": "CVE-2026-45388",
    "source": "mitre",
    "references": "https://osv.dev/vulnerability/OSEC-2026-06",
    "id": "CVE-2026-45388",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OCaml-TLS",
    "version": "< 2.1.0",
    "vendor": "OCaml-TLS Project",
    "ai_description": "Insufficient certificate checks allow server impersonation",
    "ai_severity": "Critical",
    "ai_vendor": "OCaml-TLS Project",
    "ai_product": "OCaml-TLS",
    "ai_version": "< 2.1.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply