PatchSiren cyber security CVE debrief
CVE-2026-45388 OCaml-TLS CVE debrief
CVE-2026-45388 is a vulnerability in the OCaml-TLS library before version 2.1.0. The client implementation does not sufficiently check the certificate presented by the server: it does not enforce the KeyUsage and ExtendedKeyUsage extensions, so a certificate not intended for server authentication can be used to impersonate a server.
- Vendor: OCaml-TLS
- Product: OCaml-TLS
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of OCaml-TLS before version 2.1.0, especially those using the library for secure communication in applications where server authentication is critical.
Technical summary
The OCaml-TLS library, used for secure communication in OCaml applications, did not properly validate server certificates on the client side: it did not enforce the KeyUsage and ExtendedKeyUsage extensions of X.509 certificates, so a certificate that was never issued for server authentication would be accepted as a server certificate. This allows server impersonation and man-in-the-middle attacks against affected clients.
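As an added example, not code from OCaml-TLS or from this advisory: a minimal Python check of the two extensions the client failed to enforce. It decodes the DER value of the KeyUsage and ExtendedKeyUsage extensions with a small fail-closed parser (the helper names are this example's own) and applies the RFC 5280 rule that a certificate may authenticate a TLS server only if its EKU, when present, includes serverAuth (or anyExtendedKeyUsage) and its KeyUsage, when present, permits the key's use in the handshake; the sample DER values are constructed.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth
ANY_EKU = "2.5.29.37.0"            # anyExtendedKeyUsage
KU_DIGITAL_SIGNATURE = 0           # KeyUsage bit position (RFC 5280 s4.2.1.3)
def _tlv(buf, pos, expect=None):
    """Decode one DER TLV at pos -> (tag, content, next_pos); fail closed on a wrong tag."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if expect is not None and tag != expect:
        raise ValueError(f"expected tag {expect:#x}, got {tag:#x}")
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """OID content octets -> dotted notation, e.g. 1.3.6.1.5.5.7.3.1."""
    arcs, acc = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    return ".".join(map(str, arcs))

def parse_eku(der):
    """ExtKeyUsageSyntax ::= SEQUENCE OF KeyPurposeId (OID)."""
    _, body, _ = _tlv(der, 0, expect=0x30)
    oids, pos = [], 0
    while pos < len(body):
        _, value, pos = _tlv(body, pos, expect=0x06)
        oids.append(decode_oid(value))
    return oids

def parse_key_usage(der):
    """KeyUsage ::= BIT STRING; returns the set of asserted bit positions."""
    _, body, _ = _tlv(der, 0, expect=0x03)  # body[0] = number of unused trailing bits
    nbits = (len(body) - 1) * 8 - body[0]
    return {i for i in range(nbits) if body[1 + i // 8] & (0x80 >> (i % 8))}

def server_cert_usage_ok(ku_der=None, eku_der=None):
    """True if the extensions allow this cert to authenticate a TLS server; an
    absent extension imposes no restriction (RFC 5280). Assumes a signing key
    exchange (ECDHE/DHE); RSA key transport would need keyEncipherment instead."""
    if eku_der is not None and not {SERVER_AUTH, ANY_EKU} & set(parse_eku(eku_der)):
        return False  # e.g. a clientAuth-only certificate
    if ku_der is not None and KU_DIGITAL_SIGNATURE not in parse_key_usage(ku_der):
        return False  # e.g. a CA certificate asserting only keyCertSign/cRLSign
    return True

EKU_SERVER_AUTH = bytes.fromhex("300a06082b06010505070301")  # constructed sample DER values
EKU_CLIENT_AUTH = bytes.fromhex("300a06082b06010505070302")  # (not from any real certificate)
KU_SIGN_ENCIPHER = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment
KU_CA_ONLY = bytes.fromhex("03020106")        # keyCertSign + cRLSign
```

A fixed client performs the equivalent of this check before trusting the server's certificate; a client that skips it accepts any certificate that chains to a trusted root, whatever purpose it was issued for.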
Defensive priority
High
Recommended defensive actions
- Update to OCaml-TLS version 2.1.0 or later to ensure proper certificate validation.
- Review and update any applications or services using OCaml-TLS to ensure they are using the updated version.
Evidence notes
Evidence from the National Vulnerability Database (NVD) and OSV indicates that the vulnerability exists and has been addressed in version 2.1.0 of OCaml-TLS.
Official resources
- CVE-2026-45388 CVE record (CVE.org)
- CVE-2026-45388 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-45388 was published on 2026-06-15T20:16:28.350Z.