PT-2026-42202 · Git · Tls
Ben Smyth
·
Published
2026-05-20
·
Updated
2026-06-15
·
CVE-2026-45388
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OCaml-TLS versions prior to 2.1.0
Description
The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage (EKU) extensions of server certificates during TLS 1.3 handshakes. Specifically, the
answer certificate function in handshake client13.ml is not linked to the validate keyusage() function, which is responsible for checking for Server auth (OID 1.3.6.1.5.5.7.3.1). This allows an attacker possessing a certificate issued for purposes other than server authentication—such as clientAuth, codeSigning, or emailProtection—to impersonate a server, provided the certificate is issued by a trusted CA and the Subject Alternative Name (SAN) matches the target hostname.Recommendations
Update OCaml-TLS to version 2.1.0.
Exploit
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tls