CVE-2026-1858
MEDIUM
NVD
CVSS Score
4.8
Severity
MEDIUM
Published
Apr 29, 2026
Vendor
unknown
Description
wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.