PatchSiren cyber security CVE debrief
CVE-2026-29114 Dahua CVE debrief
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.
- Vendor
- Dahua
- Product
- IPC
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of Dahua products who have installed and trusted the device's CA root certificate on their client systems should be aware of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 2.3 and is classified as LOW severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
low
Recommended defensive actions
- Review and update the CA root certificate configuration on Dahua products and client systems.
- Ensure that the CA root certificate is not installed and trusted on client systems unless necessary.
Evidence notes
The vendor is listed as Unknown Vendor, but there is evidence suggesting the product is from Dahua Security.
Official resources
-
CVE-2026-29114 CVE record
CVE.org
-
CVE-2026-29114 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-29114 was published on 2026-06-10T07:16:24.890Z and modified on 2026-06-10T20:11:16.543Z.