github.com/smallstep/certificates vulnerabilities
4 known vulnerabilities affecting github.com/smallstep/certificates (step-ca).
| Total CVEs | CISA KEV | Public exploits | Exploited in wild |
|------------|----------|-----------------|-------------------|
| 4          | 0        | 0               | 0                 |

Severity breakdown: 2 CRITICAL, 1 MEDIUM, 1 LOW
Vulnerabilities
CVE-2025-44005 [CRITICAL, P2] CWE-306: Step CA Has Authorization Bypass in ACME and SCEP Provisioners
Affected versions: ≥ 0, < 0.29.0. Published: 2025-12-03.
## Summary
A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners.
All operators running these provisioners should upgrade to the latest release (`v0.29.0`) immediately.
The issue was discovered and disclosed by a research team during a security revi
Sources: GHSA, OSV
CVE-2026-30836 [CRITICAL, P3] CWE-287: step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Affected versions: ≥ 0, < 0.30.0. Published: 2026-03-19.
## Summary
An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks.
## Details
SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that w
Sources: GHSA, OSV
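The bug class this advisory describes, a message-type dispatch that only checks the types its author expected and lets any other value (here UpdateReq, 18) reach issuance, as an added Go illustration that is not step-ca's own code. The `request` struct, the `authorizeFailOpen`/`authorizeFailClosed` functions and the constant names are assumptions made for the example; the numeric values are the ones SCEP carries on the wire, with UpdateReq = 18 as in the advisory title.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// SCEP messageType values as carried in the PKIMessage's messageType
// attribute. Only the ones this example reasons about are listed.
const (
	msgRenewalReq = 17 // re-issue to a client that proves possession of a current cert
	msgUpdateReq  = 18 // legacy draft-era type, not in RFC 8894; the one in the advisory
	msgPKCSReq    = 19 // initial enrollment, gated by the challengePassword
)

// request is a minimal stand-in (an assumption for this example) for an
// already-decrypted SCEP PKIMessage.
type request struct {
	MessageType         int
	ChallengePassword   string // challengePassword attribute from the inner CSR
	SignerIsCurrentCert bool   // PKIMessage was signed with a cert this CA issued
}

var errUnauthorized = errors.New("scep: request not authorized")

// authorizeFailOpen reproduces the bug pattern: the switch checks the two
// message types the author expected and silently treats every other value as
// already authorized, so an UpdateReq with no challenge reaches issuance.
func authorizeFailOpen(r request, expectedChallenge string) error {
	switch r.MessageType {
	case msgPKCSReq:
		if subtle.ConstantTimeCompare([]byte(r.ChallengePassword), []byte(expectedChallenge)) != 1 {
			return errUnauthorized
		}
	case msgRenewalReq:
		if !r.SignerIsCurrentCert {
			return errUnauthorized
		}
	}
	return nil // unlisted message types fall through as "authorized"
}

// authorizeFailClosed is the hardened form: every message type the server is
// willing to issue for is enumerated with its own check, and anything else is
// rejected before the request gets near certificate creation.
func authorizeFailClosed(r request, expectedChallenge string) error {
	switch r.MessageType {
	case msgPKCSReq:
		if subtle.ConstantTimeCompare([]byte(r.ChallengePassword), []byte(expectedChallenge)) != 1 {
			return errUnauthorized
		}
		return nil
	case msgRenewalReq:
		if !r.SignerIsCurrentCert {
			return errUnauthorized
		}
		return nil
	default:
		return fmt.Errorf("scep: unsupported messageType %d", r.MessageType)
	}
}

func main() {
	// Constructed input: an UpdateReq carrying no challenge and no renewal proof.
	probe := request{MessageType: msgUpdateReq}
	fmt.Println("fail-open  :", authorizeFailOpen(probe, "s3cret"))  // <nil>: would be issued
	fmt.Println("fail-closed:", authorizeFailClosed(probe, "s3cret")) // rejected
}
```

The operational check that follows from this: anything that decides whether to issue must enumerate the message types it accepts and reject the rest, rather than listing the types it knows need a check.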
CVE-2025-66406 [MEDIUM, P4] CWE-285: step-ca Has Improper Authorization Check for SSH Certificate Revocation
Affected versions: ≥ 0, < 0.29.0. Published: 2025-12-03.
## Summary
An attacker who holds a valid revocation token can bypass the authorization check and revoke any SSH certificate issued by Step CA, not only the one the token is valid for.
## Details
Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate (preventing future certificate
Sources: GHSA, OSV
CVE-2026-40097 [LOW, P4] CWE-129: Step CA affected by an index out of bounds panic in TPM attestation EKU validation
Affected versions: ≥ 0.24.0, < 0.30.0. Published: 2026-04-10.
## Summary
An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension during TPM device attestation.
## Details
When processing a device-attest-01 ACME challenge using TPM attestation, Step CA v
Source: GHSA
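The failure mode above, reproduced end to end as an added Go example (not step-ca's code): a certificate whose Extended Key Usage extension is present but encodes an empty SEQUENCE parses cleanly with Go's `crypto/x509`, yielding zero entries in both `ExtKeyUsage` and `UnknownExtKeyUsage`; a validator that indexes that slice without a bounds check panics, while one that checks the length and searches for the tcg-kp-AIKCertificate purpose (2.23.133.8.3) returns an error instead. The test certificate is constructed in memory and is not a real TPM AK certificate; `newTestCert`, `hasAKUsageUnchecked`, `validateAKCertificate` and `panicsOnCert` are names chosen for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// tcg-kp-AIKCertificate (2.23.133.8.3), the EKU the TCG EK Credential
// Profile puts on attestation key (AK) certificates.
var oidTCGKpAIKCertificate = asn1.ObjectIdentifier{2, 23, 133, 8, 3}

// id-ce-extKeyUsage (2.5.29.37).
var oidExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}

// emptyEKUValue is the DER of an empty SEQUENCE OF KeyPurposeId: an EKU
// extension that is present but lists no purposes (the crafted input).
var emptyEKUValue = []byte{0x30, 0x00}

// akEKUValue returns the DER of an EKU extension carrying only the AIK purpose.
func akEKUValue() []byte {
	v, err := asn1.Marshal([]asn1.ObjectIdentifier{oidTCGKpAIKCertificate})
	if err != nil {
		panic(err)
	}
	return v
}

// newTestCert builds a self-signed certificate (constructed test input, not a
// real TPM AK certificate) whose EKU extension has exactly the raw value given.
func newTestCert(ekuValue []byte) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "constructed AK"},
		NotBefore:       time.Now().Add(-time.Hour),
		NotAfter:        time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: oidExtKeyUsage, Value: ekuValue}},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// hasAKUsageUnchecked is the bug pattern: it assumes at least one EKU entry
// exists and indexes the slice directly, so an empty extension panics with
// "index out of range [0] with length 0".
func hasAKUsageUnchecked(cert *x509.Certificate) bool {
	return cert.UnknownExtKeyUsage[0].Equal(oidTCGKpAIKCertificate)
}

// validateAKCertificate is the hardened check: the length is tested before any
// indexing, the AIK purpose must actually be present, and the outcome is an
// error the challenge handler can report rather than a panic.
func validateAKCertificate(cert *x509.Certificate) error {
	if len(cert.UnknownExtKeyUsage) == 0 {
		return errors.New("AK certificate has no extended key usage entries")
	}
	for _, eku := range cert.UnknownExtKeyUsage {
		if eku.Equal(oidTCGKpAIKCertificate) {
			return nil
		}
	}
	return errors.New("AK certificate lacks tcg-kp-AIKCertificate extended key usage")
}

// panicsOnCert runs the unchecked variant under recover so the crash shows up
// as a return value instead of a process exit.
func panicsOnCert(cert *x509.Certificate) (panicked bool) {
	defer func() {
		if recover() != nil {
			panicked = true
		}
	}()
	hasAKUsageUnchecked(cert)
	return false
}

func main() {
	crafted, err := newTestCert(emptyEKUValue)
	if err != nil {
		panic(err)
	}
	fmt.Printf("parsed EKU entries: known=%d unknown=%d\n", len(crafted.ExtKeyUsage), len(crafted.UnknownExtKeyUsage))
	fmt.Println("unchecked check panics:", panicsOnCert(crafted))
	fmt.Println("hardened check error:", validateAKCertificate(crafted))
	good, err := newTestCert(akEKUValue())
	if err != nil {
		panic(err)
	}
	fmt.Println("hardened check on AK EKU:", validateAKCertificate(good))
}
```

Because a device-attest-01 challenge is reachable by any ACME client that can talk to the CA, the practical lesson is that every field of an attacker-supplied AK certificate (EKU list, SAN entries, extension values) must be treated as possibly absent or empty, and validation failures must surface as a failed challenge rather than an unrecovered panic.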