CVE 9.1 CRITICAL

CVE-2026-45389_CVE-2026-45389

June 16, 2026 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

AI Analysis

Insufficient certificate checks allow impersonation with non-client authentication certificates

Basic Information

ID CVE-2026-45389

Source mitre

Published Jun 15, 2026 at 00:00

Modified Jun 16, 2026 at 13:56

Affected Product

Vendor OCaml

Product OCaml-TLS

Version before 2.1.0

Affected Versions n/a n/a n/a

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor OCaml

Product OCaml-TLS

Version before 2.1.0

References

osv.dev /vulnerability/OSEC-2026-07

{
    "lastseen": "",
    "description": "In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).",
    "published": "2026-06-15T00:00:00.000Z",
    "modified": "2026-06-16T13:56:44.473Z",
    "type": "cve",
    "title": "CVE-2026-45389",
    "source": "mitre",
    "references": "https://osv.dev/vulnerability/OSEC-2026-07",
    "id": "CVE-2026-45389",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OCaml-TLS",
    "version": "before 2.1.0",
    "vendor": "OCaml",
    "ai_description": "Insufficient certificate checks allow impersonation with non-client authentication certificates",
    "ai_severity": "Critical",
    "ai_vendor": "OCaml",
    "ai_product": "OCaml-TLS",
    "ai_version": "before 2.1.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply