CVE-2026-1858

Exploit

EPSS 0.01%
Veröffentlicht 29.04.2026 20:15:50
Zuletzt bearbeitet 05.05.2026 02:47:29
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

wget2 Improper Certificate Validation

wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Wget2 Version <= 2.2.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
vulnreport@tenable.com	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.tenable.com/security/research/tra-2026-37

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-1858

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1858

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1858

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1858