PatchSiren

OCaml-TLS CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review OCaml-TLS CVE published 2026-06-15

CVE-2026-45388

CVE-2026-45388 is a vulnerability in the OCaml-TLS library before version 2.1.0. The client implementation does not perform sufficient checks on the certificate provided by the server. Because of issues with how KeyUsage and ExtendedKeyUsage are handled, a certificate not intended for server authentication can be used to impersonate a server.