PT-2026-42202 · Git · Tls

Ben Smyth

·

Published

2026-05-20

·

Updated

2026-06-15

·

CVE-2026-45388

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0
Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage (EKU) extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer certificate function in handshake client13.ml is not linked to the validate keyusage() function, which is responsible for checking for Server auth (OID 1.3.6.1.5.5.7.3.1). This allows an attacker possessing a certificate issued for purposes other than server authentication—such as clientAuth, codeSigning, or emailProtection—to impersonate a server, provided the certificate is issued by a trusted CA and the Subject Alternative Name (SAN) matches the target hostname.
Recommendations Update OCaml-TLS to version 2.1.0.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45388
OSEC-2026-06

Affected Products

Tls