CVE-2026-30836

CVSS v3.1

Critical

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

⚠️ Limited Disclosure — Full Details Pending

A critical security vulnerability has been identified in Step CA. An updated version, v0.30.0, is available and all operators are strongly encouraged to upgrade immediately.

Full details of this vulnerability will be published in this security advisory on March 30, 2026. If you have urgent questions in the meantime, please contact security@smallstep.com.

Fix

Improper Certificate Validation

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295CWE-287

Related Identifiers

CVE-2026-30836

GHSA-Q4R8-XM5F-56GW

Affected Products

Certificates

Github.Com/Smallstep/Certificates

CVE-2026-30836

Weakness Enumeration

Related Identifiers

Affected Products

References · 9