Description
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).
Published: 2026-06-15
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The issue resides in the OCaml‑TLS client implementation before version 2.1.0. It fails to enforce certificate KeyUsage and ExtendedKeyUsage extensions when validating the server’s certificate. Consequently a malicious server may present a certificate that is technically valid but not intended for server authentication, leading the client to accept it as trustworthy and allowing the attacker to impersonate a legitimate server. This impersonation flaw can undermine the confidentiality and integrity of the data transmitted over TLS.

Affected Systems

This vulnerability affects the OCaml‑TLS library, specifically versions earlier than 2.1.0. The library is commonly used in OCaml applications that implement TLS communication. No vendor or product name is provided in the CNA data, so any project relying on a pre‑2.1.0 build of OCaml‑TLS is potentially susceptible.

Risk and Exploitability

The CVSS v3 score of 9.1 classifies it as critical, while the EPSS score indicates a very low but non‑zero likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalogue. The attack vector is likely remote: an attacker can trigger the flaw simply by connecting to a client that uses the vulnerable library and presenting a crafted certificate. No privilege escalation is required on the client side; the weakness lies only in insecure validation logic.

Generated by OpenCVE AI on June 17, 2026 at 23:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the OCaml‑TLS library to version 2.1.0 or later, which implements proper KeyUsage and ExtendedKeyUsage checks for server certificates.
  • If updating the library is not immediately possible, restrict outgoing connections to pre‑verified server certificates or enhance the application’s host‑name validation logic to reject certificates lacking the correct key usage bits.
  • Monitor client connections for abnormal TLS handshake patterns that could indicate an attempted impersonation and investigate any unexpected certificate exchanges.

Generated by OpenCVE AI on June 17, 2026 at 23:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title OCaml‑TLS Insufficient Certificate Validation Enables Server Impersonation

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title OCaml‑TLS Insufficient Certificate Validation Enables Server Impersonation

Tue, 16 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-295
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Ocaml
Ocaml ocaml
Vendors & Products Ocaml
Ocaml ocaml

Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:57:42.571Z

Reserved: 2026-05-12T00:00:00.000Z

Link: CVE-2026-45388

cve-icon Vulnrichment

Updated: 2026-06-16T13:52:20.350Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:28.350

Modified: 2026-06-16T15:35:16.600

Link: CVE-2026-45388

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T23:30:04Z

Weaknesses
  • CWE-295

    Improper Certificate Validation