CVE-2026-45388

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 15, 2026

Vendor unknown

Description

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).

References

https://osv.dev/vulnerability/OSEC-2026-06