PT-2025-52670 · Keyfactor · Keyfactor Signserver
Published: 2025-12-22 · Updated: 2026-01-05 · CVE-2025-26787
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Keyfactor SignServer versions prior to 7.2
Description
A flaw exists in the startup logic of the Keyfactor SignServer container. The Admin CLI command, designed to configure certificate access during the initial container startup, incorrectly runs on each container restart. This resets the configuration to allow any user with a valid and trusted client authentication certificate to connect, overriding any more restrictive access settings configured by administrators.
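The failure mode described above, as an added model that is not Keyfactor's startup script or the vendor's fix: a first-start step that re-runs on every start is compared with one guarded by a marker file. The function names, `access.conf`, the `.initialized` marker and the sample values are all hypothetical.

```shell
#!/bin/sh
# Constructed model of a container entrypoint; not SignServer's startup script.
# The directory passed in stands in for a persistent volume, and access.conf
# stands in for the client-certificate access configuration (hypothetical names).

# Hypothetical stand-in for the first-start Admin CLI step: writes the
# permissive default (any valid, trusted client certificate may connect).
apply_default_access() {
    echo "allow=any-trusted-client-cert" > "$1/access.conf"
}

# Flawed pattern: the first-start step runs on every container start.
start_flawed() {
    apply_default_access "$1"
}

# Guarded pattern: the step runs once, recorded by a marker on the volume.
start_guarded() {
    if [ ! -f "$1/.initialized" ]; then
        apply_default_access "$1"
        : > "$1/.initialized"
    fi
}

# Simulate: first start, administrator restricts access, container restarts.
# Prints the access setting in effect after the restart.
access_after_restart() {
    start_fn=$1
    dir=$(mktemp -d) || return 1
    "$start_fn" "$dir"                                         # initial start
    echo "allow=serial:CONSTRUCTED-0001" > "$dir/access.conf"  # admin hardening
    "$start_fn" "$dir"                                         # restart
    cat "$dir/access.conf"
    rm -rf "$dir"
}

echo "flawed:  $(access_after_restart start_flawed)"
echo "guarded: $(access_after_restart start_guarded)"
```

The guard only holds if the marker is stored on the same persistent storage as the configuration it protects. Comparing the effective access settings before and after a restart is a direct way to check whether a deployment shows the reset.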
Recommendations
Update to version 7.2 or later.
Affected Products
Keyfactor Signserver