Month: July 2026
CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify
CVE-2026-55967 AES-GCM streaming APIs do not reject >64 GiB cumulative single messages, enabling counter wrap and keystream reuse
CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption
CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)
CVE-2026-55960 Un-negotiated Raw Public Key (RFC 7250) accepted in place of X.509, bypassing chain validation
CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
Information published. Continue reading CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions
