CRITICAL🇵🇱 Wersja polska

CVE-2026-30836

CVSS 10.0v3.1pub. 2026-03-19upd. 2026-04-27

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

🤖 AI Analysis
How it works

Step-CA versions up to and including 0.30.0-rc6 do not enforce authentication when handling SCEP UpdateReq requests. An attacker can send a crafted UpdateReq request to the publicly accessible SCEP endpoint without providing any credentials. The system does not verify the identity of the sender, which classifies the vulnerability as an authentication error (CWE-287) and improper certificate verification (CWE-295). As a result, the certificate authority issues a valid certificate to an untrusted entity.

Impact

An attacker without any permissions can remotely obtain valid PKI certificates issued by a trusted certificate authority, which may lead to impersonation of other systems, network traffic interception (man-in-the-middle attacks), and compromise of integrity and confidentiality of certificate-based infrastructure.

Mitigation & patch

Smallstep Step-CA should be updated to version 0.30.0 (or at least 0.30.0-rc7) where the issue has been fixed. Patches are available in the project's GitHub repository and in official release notes.

Who is affected

Smallstep Step-CA versions 0.30.0-rc6 and earlier using SCEP protocol

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Smallstep Step Ca

    APP
    Smallstep
    0.30.0< 0.30.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-40097LOW3.7ten sam produkt

Step CA to internetowy urząd certyfikacji do bezpiecznego, zautomatyzowanego zarządzania certyfikatami dla Dev...