Nguyenhuy-Hoanganh

**Name of the Vulnerable Software and Affected Versions** WeeChat versions 3.2 through 3.4 before 3.4.1 **Description** The issue arises when certain GnuTLS options are changed without a WeeChat restart, specifically `weechat.network.gnutls ca system` or `weechat.network.gnutls ca user`. This allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate, as the TLS certificate of the server is not properly verified. **Recommendations** For WeeChat versions 3.2 through 3.4 before 3.4.1, update to version 3.4.1 to resolve the issue. As a temporary workaround, consider restarting WeeChat after changing `weechat.network.gnutls ca system` or `weechat.network.gnutls ca user` to ensure proper TLS certificate verification.