PT-2026-55087 · Hex · Quic

Published

2026-07-01

·

Updated

2026-07-01

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Impact

The QUIC client did not authenticate the server during the TLS 1.3 handshake. The CertificateVerify signature was not checked, the certificate chain was not validated, and the hostname was not compared against the certificate, so verify was effectively a no-op on the client. A man-in-the-middle on the network path could present any certificate and impersonate any server, defeating the confidentiality and integrity of the connection. HTTP/3 uses the same client and was equally affected. Handshakes authenticated by a PSK (session resumption) are not affected, because the peer is authenticated by the PSK binder and no certificate is sent.

Patches

Fixed in 1.4.4. The client now verifies the CertificateVerify signature, validates the certificate chain against the trust store (cacerts option, the operating system store by default), and checks the hostname. Client verify now defaults to on; set verify => false to accept any certificate (for example a self-signed test server).

Workarounds

None before 1.4.4. verify => true had no effect, and inspecting the certificate after connecting does not help because without the signature check the peer is never proven to own the certificate it presents.

Credit

Reported by benmmurphy.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

GHSA-2R8V-P65X-3663

Affected Products

Quic