PT-2026-42203 · Git · Tls

Ben Smyth

·

Published

2026-05-20

·

Updated

2026-06-17

·

CVE-2026-45389

CVSS v3.1

7.4

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0
Description The server implementation fails to properly validate the KeyUsage and ExtendedKeyUsage extensions of certificates provided by clients during mutual TLS (mTLS) authentication. This allows an attacker to impersonate a client using a certificate that was only intended for server authentication (containing id-kp-serverAuth). Specifically, the library does not verify if the certificate includes digitalSignature in its keyUsage or clientAuth in its ExtendedKeyUsage.
Technical details indicate that the issue occurs within the validateCerts() function in handshake server.ml and the answerClientCertificate() function in handshake server13.ml, where the validateChain process completes without checking these specific constraints. This can lead to unauthorized access if the server trusts a Certificate Authority (CA) that issues server-only certificates, such as a corporate internal CA or a public PKI trust store.
Recommendations Update to version 2.1.0. As a temporary workaround, restrict the trust store to only include CAs that strictly separate client and server certificates, or implement post-validation gating based on Common Name (CN) or Subject Alternative Name (SAN) to verify the identity of the authenticated client.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45389
OSEC-2026-07

Affected Products

Tls