CVE-2026-45389

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 15, 2026

Vendor unknown

Description

In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and ExtendedKeyUsage).

References

https://osv.dev/vulnerability/OSEC-2026-07