Back to CVE List

CVE-2026-40944

Vulnerability Description

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS. This vulnerability is fixed in 0.16.2.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-295
Source
NVD
Vendor
oxia-db
Product
oxia

External References

Discussion (0)

Add Comment

No comments yet. Be the first!