PT-2026-42203 · Git · Tls
Ben Smyth
·
Published
2026-05-20
·
Updated
2026-06-17
·
CVE-2026-45389
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
OCaml-TLS versions prior to 2.1.0
Description
The server implementation fails to properly validate the
KeyUsage and ExtendedKeyUsage extensions of certificates provided by clients during mutual TLS (mTLS) authentication. This allows an attacker to impersonate a client using a certificate that was only intended for server authentication (containing id-kp-serverAuth). Specifically, the library does not verify if the certificate includes digitalSignature in its keyUsage or clientAuth in its ExtendedKeyUsage.Technical details indicate that the issue occurs within the
validateCerts() function in handshake server.ml and the answerClientCertificate() function in handshake server13.ml, where the validateChain process completes without checking these specific constraints. This can lead to unauthorized access if the server trusts a Certificate Authority (CA) that issues server-only certificates, such as a corporate internal CA or a public PKI trust store.Recommendations
Update to version 2.1.0.
As a temporary workaround, restrict the trust store to only include CAs that strictly separate client and server certificates, or implement post-validation gating based on Common Name (CN) or Subject Alternative Name (SAN) to verify the identity of the authenticated client.
Exploit
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tls