cvebase

github.com/smallstep/certificates (step-ca) vulnerabilities

4 known vulnerabilities affecting github.com/smallstep/certificates.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2025-44005 | P2 | CRITICAL | Affected versions: < 0.29.0 | Date: 2025-12-03
CVE-2025-44005 [CRITICAL] CWE-306 (Missing Authentication for Critical Function): Step CA Has Authorization Bypass in ACME and SCEP Provisioners
Summary: A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release (v0.29.0) immediately. The issue was discovered and disclosed by a research team during a security revi
Sources: GHSA, OSV
CVE-2026-30836 | P3 | CRITICAL | Affected versions: < 0.30.0 | Date: 2026-03-19
CVE-2026-30836 [CRITICAL] CWE-287 (Improper Authentication): step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Summary: An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks.
Details: SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that w
Sources: GHSA, OSV
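The entry above describes issuance reached through a messageType value that the SCEP protocol no longer defines. As an added example, not code from step-ca or from the advisory, the Go program below shows the shape of an authorization gate that closes that class of path: the messageType is checked against the closed set of client request types in RFC 8894 before any type-specific handling runs, and each accepted enrollment type then has its own proof-of-authorization requirement. The pkiMessage struct, the authorize function, the handler names and the challenge-password callback are assumptions made for this example; the summary does not say how step-ca itself dispatches on messageType, and 18 (UpdateReq) is taken from the advisory title.

```go
package main

import (
	"errors"
	"fmt"
)

// SCEP messageType values as carried in the signed pkiMessage attribute set.
// RFC 8894 defines these; on the wire they are PrintableStrings such as "19".
const (
	MsgCertRep    = "3"  // CA -> client only
	MsgRenewalReq = "17" // renewal, signed with an existing CA-issued certificate
	MsgPKCSReq    = "19" // initial enrollment, authorized by a challengePassword
	MsgCertPoll   = "20"
	MsgGetCert    = "21"
	MsgGetCRL     = "22"
	// "18" (UpdateReq) exists only in pre-RFC SCEP drafts; it is not in RFC 8894
	// and is deliberately absent from clientRequestTypes below.
)

var (
	ErrUnknownMessageType = errors.New("scep: unsupported messageType")
	ErrNotAuthorized      = errors.New("scep: request not authorized")
)

// pkiMessage is a constructed, simplified view of what a CA extracts from a parsed
// PKIOperation request. It is an assumption for this example, not step-ca's type.
type pkiMessage struct {
	MessageType       string
	TransactionID     string
	ChallengePassword string // challengePassword attribute from the inner CSR, if any
	SignerIssuedByCA  bool   // PKCS#7 signer certificate chains to this CA (renewal proof)
}

// clientRequestTypes is the closed allowlist of messageType values a CA accepts from
// clients. Anything else, including CertRep (3) and the undefined 18, is rejected.
var clientRequestTypes = map[string]bool{
	MsgRenewalReq: true,
	MsgPKCSReq:    true,
	MsgCertPoll:   true,
	MsgGetCert:    true,
	MsgGetCRL:     true,
}

// authorize returns the handler a message may reach ("issue", "poll" or "lookup").
// The deny-by-default messageType check runs first, so no unlisted value can fall
// through to an issuance path. validChallenge is the CA's out-of-band check of the
// enrollment secret (assumed callback).
func authorize(m pkiMessage, validChallenge func(string) bool) (string, error) {
	if !clientRequestTypes[m.MessageType] {
		return "", fmt.Errorf("%w: %q", ErrUnknownMessageType, m.MessageType)
	}
	switch m.MessageType {
	case MsgPKCSReq:
		// Initial enrollment: the challengePassword is the only proof of authorization.
		if m.ChallengePassword == "" || !validChallenge(m.ChallengePassword) {
			return "", fmt.Errorf("%w: PKCSReq without a valid challengePassword", ErrNotAuthorized)
		}
		return "issue", nil
	case MsgRenewalReq:
		// Renewal: authorization comes from possession of a certificate this CA issued.
		if !m.SignerIssuedByCA {
			return "", fmt.Errorf("%w: RenewalReq not signed by a CA-issued certificate", ErrNotAuthorized)
		}
		return "issue", nil
	case MsgCertPoll:
		return "poll", nil
	case MsgGetCert, MsgGetCRL:
		return "lookup", nil
	}
	// Unreachable: every allowlisted type is handled above.
	return "", ErrUnknownMessageType
}

func main() {
	validChallenge := func(s string) bool { return s == "constructed-secret" }
	samples := []pkiMessage{
		{MessageType: "18", TransactionID: "tx-1", ChallengePassword: "constructed-secret"},
		{MessageType: MsgPKCSReq, TransactionID: "tx-2", ChallengePassword: "constructed-secret"},
		{MessageType: MsgPKCSReq, TransactionID: "tx-3"},
		{MessageType: MsgRenewalReq, TransactionID: "tx-4", SignerIssuedByCA: true},
	}
	for _, m := range samples {
		h, err := authorize(m, validChallenge)
		fmt.Printf("%s messageType=%s -> handler=%q err=%v\n", m.TransactionID, m.MessageType, h, err)
	}
}
```

The point of the ordering is that the allowlist is consulted before the request body is trusted for anything: a message type the CA does not implement should never be parsed far enough to select an issuance handler, whatever else the message contains.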
CVE-2025-66406 | P4 | MEDIUM | Affected versions: < 0.29.0 | Date: 2025-12-03
CVE-2025-66406 [MEDIUM] CWE-285 (Improper Authorization): step-ca Has Improper Authorization Check for SSH Certificate Revocation
Summary: An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token.
Details: Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate (preventing future certificate
Sources: GHSA, OSV
CVE-2026-40097 | P4 | LOW | Affected versions: ≥ 0.24.0, < 0.30.0 | Date: 2026-04-10
CVE-2026-40097 [LOW] CWE-129 (Improper Validation of Array Index): Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Summary: An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation.
Details: When processing a device-attest-01 ACME challenge using TPM attestation, Step CA v
Sources: GHSA
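The crafted input in the entry above is an AK certificate whose EKU extension is present but carries zero OIDs. As an added example (not step-ca's code and not the advisory's), the Go program below builds exactly that certificate with the standard library, then validates the EKU by walking the parsed lists instead of indexing a first element, so the empty extension becomes a validation failure rather than a panic. The certificate construction, the function names and the use of the TCG tcg-kp-AIKCertificate OID (2.23.133.8.3) as the required EKU are assumptions for this example; the advisory does not say which EKU value step-ca checks.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// id-ce-extKeyUsage, the X.509 Extended Key Usage extension.
var oidExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}

// tcg-kp-AIKCertificate from the TCG EK Credential Profile. Assumed here to be the EKU an
// AK certificate must carry; the advisory does not name the OID step-ca requires.
var oidTCGAIKCertificate = asn1.ObjectIdentifier{2, 23, 133, 8, 3}

var ErrMissingAKEKU = errors.New("attestation certificate lacks the required AK extended key usage")

// validateAKExtKeyUsage accepts a certificate only if the AK EKU is present. It never
// indexes into the EKU slices, so "extension present, zero OIDs" is handled like
// "extension absent": an error, not an out-of-bounds access.
func validateAKExtKeyUsage(cert *x509.Certificate) error {
	if cert == nil {
		return errors.New("nil certificate")
	}
	// Go's parser stores EKU OIDs it does not recognise (the TCG ones included) in
	// UnknownExtKeyUsage; recognised ones go to ExtKeyUsage. Both may be empty.
	for _, oid := range cert.UnknownExtKeyUsage {
		if oid.Equal(oidTCGAIKCertificate) {
			return nil
		}
	}
	return fmt.Errorf("%w: %d known and %d unknown EKU OIDs present",
		ErrMissingAKEKU, len(cert.ExtKeyUsage), len(cert.UnknownExtKeyUsage))
}

// emptyEKUExtension is the crafted input from the advisory: an EKU extension whose
// value is an empty DER SEQUENCE (0x30 0x00). The template path in crypto/x509 never
// emits this, so it has to be injected through ExtraExtensions.
func emptyEKUExtension() pkix.Extension {
	return pkix.Extension{Id: oidExtKeyUsage, Value: []byte{0x30, 0x00}}
}

// newSelfSignedAK builds a constructed, self-signed test certificate. ekus are encoded
// through the template; extra injects raw extensions such as emptyEKUExtension().
func newSelfSignedAK(ekus []asn1.ObjectIdentifier, extra []pkix.Extension) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "constructed AK"},
		NotBefore:          time.Now().Add(-time.Minute),
		NotAfter:           time.Now().Add(time.Hour),
		UnknownExtKeyUsage: ekus,
		ExtraExtensions:    extra,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	good, err := newSelfSignedAK([]asn1.ObjectIdentifier{oidTCGAIKCertificate}, nil)
	if err != nil {
		panic(err)
	}
	fmt.Println("AK cert with TCG EKU:", validateAKExtKeyUsage(good))

	crafted, err := newSelfSignedAK(nil, []pkix.Extension{emptyEKUExtension()})
	if err != nil {
		panic(err)
	}
	fmt.Println("AK cert with empty EKU:", validateAKExtKeyUsage(crafted))
}
```

The general rule the example applies is that any "first element" access on attacker-supplied certificate data (EKUs, SANs, policy OIDs) needs the length check expressed as iteration or an explicit emptiness test before the read, because a well-formed certificate can carry an extension that parses cleanly yet contains nothing.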