CVE-2026-45389

Vulnerability Description

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

Vulnerability Details

Published Date

June 15, 2026

Last Modified

June 15, 2026

Source

NVD

External References

https://osv.dev/vulnerability/OSEC-2026-07

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment