PT-2026-26343 · Step Ca · Step Ca
Prasanthsundararajan69
Published 2026-03-19 · Updated 2026-04-27
CVE-2026-30836
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
Note: as listed, this vector computes to 9.3 under the CVSS v3.1 formula; a base score of 10.0 requires A:H.
Name of the Vulnerable Software and Affected Versions
Step CA versions 0.30.0-rc6 and below
Description
Step CA is an online certificate authority designed for secure, automated certificate management. In affected versions the SCEP endpoint does not adequately protect against unauthenticated certificate issuance via the SCEP UpdateReq message type (messageType 18): a PKIOperation request of this type bypasses all authentication checks within Step CA and is processed as an enrollment. An attacker with network access to the SCEP endpoint can therefore obtain a valid certificate for any domain name the CA is willing to sign without presenting any credential. UpdateReq is a legacy message type from the pre-RFC SCEP drafts that RFC 8894 no longer defines, so well-behaved clients do not normally send it; any UpdateReq seen in SCEP request logs is worth treating as suspicious.
Recommendations
Versions prior to 0.30.0, including the 0.30.0 release candidates, should be upgraded to version 0.30.0 or later. The running version can be confirmed with the step-ca version command.
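The Go program below is an added illustration and not step-ca's own code: it models a SCEP PKIOperation authorization switch in the shape the description above implies, where only the message types the author anticipated are authenticated and the deprecated UpdateReq type (18) falls through to issuance, beside a fail-closed version that rejects every message type it does not explicitly authenticate. The messageType constants are the standard SCEP values; the Request fields, the challenge string, and the function names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// SCEP messageType values as carried in the PKCS#7 signed attributes.
// The numeric values are the standard SCEP assignments; everything else in
// this file is an illustrative reconstruction, not step-ca's implementation.
type MessageType int

const (
	CertRep        MessageType = 3
	RenewalReq     MessageType = 17
	UpdateReq      MessageType = 18 // from the pre-RFC SCEP drafts; not defined by RFC 8894
	PKCSReq        MessageType = 19
	GetCertInitial MessageType = 20
	GetCert        MessageType = 21
	GetCRL         MessageType = 22
)

// Request is a decoded PKIOperation request with the fields relevant to
// authorization (simplified; assumed for this example).
type Request struct {
	Type               MessageType
	ChallengePassword  string // challengePassword attribute from the CSR
	SignedByIssuedCert bool   // PKCS#7 signer is a certificate this CA previously issued
	Subject            string
}

var ErrUnauthorized = errors.New("scep: request not authorized")

// expectedChallenge stands in for the provisioner's configured challenge (hypothetical).
const expectedChallenge = "s3cret-challenge"

// authorizeVulnerable mirrors the flawed shape: PKCSReq and RenewalReq are
// checked, but any other message type reaches the signing path unchecked.
func authorizeVulnerable(r Request) error {
	switch r.Type {
	case PKCSReq:
		if r.ChallengePassword != expectedChallenge {
			return ErrUnauthorized
		}
	case RenewalReq:
		if !r.SignedByIssuedCert {
			return ErrUnauthorized
		}
	}
	// UpdateReq (18), and anything else, is silently accepted here.
	return nil
}

// authorizeHardened fails closed: every enrollment type is listed explicitly
// and the default branch refuses to issue for anything unexpected.
func authorizeHardened(r Request) error {
	switch r.Type {
	case PKCSReq:
		if r.ChallengePassword != expectedChallenge {
			return ErrUnauthorized
		}
		return nil
	case RenewalReq:
		if !r.SignedByIssuedCert {
			return ErrUnauthorized
		}
		return nil
	default:
		// UpdateReq, GetCert*, GetCRL and unknown values are not authenticated
		// enrollment paths, so they must never lead to a signed certificate.
		return fmt.Errorf("%w: unsupported messageType %d", ErrUnauthorized, r.Type)
	}
}

func main() {
	// Constructed sample: a credential-less request using the legacy UpdateReq type.
	forged := Request{Type: UpdateReq, Subject: "CN=victim.example.com"}
	fmt.Println("vulnerable handler:", authorizeVulnerable(forged)) // <nil>: certificate would be issued
	fmt.Println("hardened handler:  ", authorizeHardened(forged))   // rejected
}
```

The point of the hardened variant is the default branch: an authorization switch over an attacker-controlled discriminator must enumerate what is allowed and reject everything else, rather than enumerate what is checked and let the remainder through.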
Improper Certificate Validation
Improper Authentication
Related identifiers
Affected products
Step Ca