VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/smallstep/certificates

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-40097 unknown 2mo ago Step CA affected by an index out of bounds panic in TPM attestation EKU validation
CVE-2026-30836 unknown 2mo ago step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) in github.com/smallstep/certificates
CVE-2025-44005 unknown 6mo ago Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates
CVE-2025-66406 unknown 6mo ago step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates